Hackers Actively Scanning for TCP Port 8530/8531 Linked to WSUS Vulnerability CVE-2025-59287

Source: Cyber Security News

Researchers have observed a dramatic increase in reconnaissance activity directed at WSUS infrastructure. Security organizations have reported a notable rise in scanning activity on TCP ports 8530 and 8531, the ports associated with CVE-2025-59287, a critical remote code execution vulnerability. The vulnerability lets attackers exploit susceptible WSUS servers without authentication, leading to arbitrary script execution on compromised systems.

The attack pattern typically involves a two-stage approach in which reconnaissance precedes exploitation. Initial port scanning identifies vulnerable WSUS servers; once one is found, attackers can execute malicious scripts and gain extensive control over the infrastructure. Security experts underscore the need for immediate audits of network perimeters to locate exposed WSUS servers that may be at risk of compromise. Given the vulnerability's high CVSS score of 9.8, swift action is required, including network segmentation and alerting to detect suspicious activity.
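One way to run the perimeter audit and scan alerting described above, as an added example that is not from the original article: it reads firewall log lines and reports which hosts accepted external connections on 8530/8531 and which external sources probed those ports across several hosts. The log format, internal ranges, threshold and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

WSUS_PORTS = {8530, 8531}  # the two ports named in the article
# Assumption: address ranges treated as internal; adjust to your network.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample log, format assumed: "<time> <src> <dst> <dport> <action>"
SAMPLE_LOG = """\
2025-11-03T10:00:01Z 203.0.113.7 198.51.100.10 8530 DENY
2025-11-03T10:00:01Z 203.0.113.7 198.51.100.11 8530 DENY
2025-11-03T10:00:02Z 203.0.113.7 198.51.100.12 8531 ALLOW
2025-11-03T10:00:02Z 203.0.113.7 198.51.100.13 8530 DENY
2025-11-03T10:05:40Z 10.1.2.3 198.51.100.12 8530 ALLOW
2025-11-03T10:07:12Z 192.0.2.44 198.51.100.12 8531 ALLOW
2025-11-03T10:09:30Z 192.0.2.44 198.51.100.12 443 ALLOW
malformed line
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in INTERNAL)

def analyze(log_text, scan_threshold=3):
    """Return (exposed, scanners) for external traffic to WSUS ports.

    exposed:  {dst_ip: set of external sources whose connection was ALLOWed}
    scanners: sorted external sources that hit >= scan_threshold distinct hosts
    """
    exposed = defaultdict(set)
    touched = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip lines that do not match the assumed format
        _, src, dst, port, action = parts
        try:
            external = not is_internal(src)
        except ValueError:
            continue
        if int(port) not in WSUS_PORTS or not external:
            continue
        touched[src].add(dst)
        if action == "ALLOW":
            exposed[dst].add(src)  # reachable from outside: audit this host
    scanners = sorted(s for s, d in touched.items() if len(d) >= scan_threshold)
    return dict(exposed), scanners

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any host listed in `exposed` accepts WSUS traffic from outside the internal ranges and is a candidate for segmentation; entries in `scanners` are sources worth alerting on.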

👉 Read the original: Cyber Security News