Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations

Source: Cyber Security News

Recent exploitation of a vulnerability in Windows Server Update Services (WSUS) is raising alarms as cybercriminals target organizations to steal sensitive data. The vulnerability, designated CVE-2025-59287, is a critical deserialization bug that allows unauthenticated remote code execution. Microsoft released a patch on October 14, 2025, and exploitation commenced soon thereafter, leveraging publicly available proof-of-concept code to attack internet-facing WSUS servers in sectors such as education and healthcare.

Sophos telemetry indicates that the attacks began on October 24, 2025, shortly after technical analysis and exploit code surfaced online. Researchers noted that sensitive data such as Active Directory users and network configurations is exfiltrated through Base64-encoded PowerShell commands injected into compromised systems. The rapid exploitation highlights the opportunistic nature of threat actors, who scan for vulnerable WSUS servers and exploit them indiscriminately. Security experts encourage organizations running WSUS to quickly apply the necessary patches and restrict internet access to vulnerable ports.
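
The Base64-encoded PowerShell commands described above can be triaged from process-creation logs by decoding the `-EncodedCommand` argument and checking the recovered script. The following is an added example, not code from the article or from Sophos; the sample command lines and the keyword list are constructed assumptions.

```python
import base64
import re

# Flag name plus a Base64-looking argument, e.g. " -enc SQBFAFgA..."
FLAG = re.compile(r"\s[-/](\w+)\s+([A-Za-z0-9+/=]{16,})")
POWERSHELL = re.compile(r"(?i)\b(powershell|pwsh)(\.exe)?\b")

# Assumed triage keywords for the data the article names (AD users, network configuration).
KEYWORDS = ("net user", "get-aduser", "ipconfig", "get-netipconfiguration", "invoke-webrequest")

def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline runs PowerShell with -EncodedCommand, else None."""
    if not POWERSHELL.search(cmdline):
        return None
    for flag, blob in FLAG.findall(cmdline):
        name = flag.lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if name == "ec" or "encodedcommand".startswith(name):
            try:
                # The argument is Base64 over UTF-16LE text.
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad Base64 or bad UTF-16
                return None
    return None

def triage(cmdlines):
    """Return (decoded_script, matched_keywords) for every encoded PowerShell launch."""
    findings = []
    for line in cmdlines:
        script = decode_encoded_command(line)
        if script is not None:
            lowered = script.lower()
            findings.append((script, [k for k in KEYWORDS if k in lowered]))
    return findings

def _enc(script):
    """Build a constructed -EncodedCommand argument for the samples below."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample command lines, not taken from any real incident.
SAMPLE_CMDLINES = [
    "powershell.exe -NoProfile -enc " + _enc("Get-ADUser -Filter * | Out-File C:\\Temp\\u.txt; ipconfig /all"),
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
    "pwsh -EncodedCommand " + _enc("Get-Date"),
    "cmd.exe /c whoami",
]

if __name__ == "__main__":
    for script, hits in triage(SAMPLE_CMDLINES):
        print("REVIEW" if hits else "info", hits, script)
```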

👉 Read the original: Cyber Security News