On October 29, 2025, CISA provided detailed guidance to help organizations detect and mitigate threats related to CVE-2025-59287, a critical vulnerability affecting Microsoft’s Windows Server Update Services (WSUS). The flaw, rated at a CVSS score of 9.8, permits unauthenticated attackers to execute arbitrary code on affected servers and thereby compromise enterprise networks. After the vulnerability was initially addressed, exploitation surged, leading to the release of an out-of-band patch on October 23, 2025. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog as exploitation increased following the publication of proof-of-concept exploits.
CVE-2025-59287 arises from unsafe data deserialization in WSUS, allowing attackers to exploit the insecure .NET BinaryFormatter for code execution. Successful exploitation requires no user interaction and targets servers that have the WSUS role enabled and expose specific TCP ports. CISA urges organizations to identify vulnerable servers using PowerShell commands and to apply the patch promptly. Administrators are also advised to monitor for suspicious activity, including abnormal tooling or unauthorized data exfiltration, and federal agencies face a remediation deadline of November 14, 2025. Tactical insights gathered so far indicate that attackers may use proxy servers and command-and-control techniques to obscure their activities.
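One way to run the identification step described above across a list of servers, as an added example (not CISA's or Microsoft's own commands). It assumes the WSUS default ports 8530/8531, which the page does not name, and uses a placeholder KB id that must be replaced with the one from Microsoft's advisory.

```powershell
# Added example: report which hosts have the WSUS role, are listening on the
# WSUS ports, and lack the patch KB. Run from an admin workstation with
# PowerShell remoting enabled, or locally on a server.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string]$PatchKb = 'KB0000000',     # placeholder, NOT a real KB id
    [int[]]$WsusPorts = @(8530, 8531)   # assumption: WSUS defaults (HTTP, HTTPS)
)

$check = {
    param($PatchKb, $WsusPorts)
    # UpdateServices is the Server Manager feature name for the WSUS role.
    $role = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
    $roleInstalled = [bool]($role -and $role.Installed)

    # Listening sockets on the WSUS ports (a custom IIS binding would differ).
    $listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $WsusPorts -contains $_.LocalPort } |
        Select-Object -ExpandProperty LocalPort -Unique)

    $patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WsusRole       = $roleInstalled
        ListeningPorts = ($listening -join ',')
        PatchPresent   = $patched
        NeedsAction    = $roleInstalled -and -not $patched
    }
}

$results = foreach ($c in $ComputerName) {
    try {
        if ($c -eq $env:COMPUTERNAME) {
            & $check $PatchKb $WsusPorts
        } else {
            Invoke-Command -ComputerName $c -ScriptBlock $check `
                -ArgumentList $PatchKb, $WsusPorts -ErrorAction Stop
        }
    } catch {
        # Unreachable host or non-server OS: record it instead of skipping it.
        [pscustomobject]@{ Computer = $c; WsusRole = $null; ListeningPorts = '';
                           PatchPresent = $null; NeedsAction = $null }
    }
}
$results | Select-Object Computer, WsusRole, ListeningPorts, PatchPresent, NeedsAction |
    Sort-Object NeedsAction -Descending | Format-Table -AutoSize
```

`Get-HotFix` matches only the exact KB id, so a host that received the fix through a later superseding cumulative update reports `PatchPresent` as false; confirm such hosts against their OS build number.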
👉 Read the original: Cyber Security News