Urgent: Microsoft Releases Emergency Patch for Critical WSUS Flaw

UPDATE: Microsoft has just issued an emergency security patch for a critical vulnerability in the Windows Server Update Service (WSUS), highlighting an urgent need for users to act immediately. The flaw, identified as CVE-2025-59287, has a severity score of 9.8/10 and allows unauthenticated attackers to execute remote code, potentially compromising entire networks.

This emergency patch comes after public exploit code was released online, indicating that the flaw is already being exploited. Microsoft originally addressed this issue in its Patch Tuesday update on October 14, 2025, but the urgency of the situation has led to an out-of-band (OOB) update to ensure immediate remediation.

The vulnerability allows attackers, without any user interaction, to gain SYSTEM privileges and run malicious code. This could enable them to pivot and infect other WSUS servers within the network, posing a significant risk to organizations. The Cybersecurity and Infrastructure Security Agency (CISA) has warned users to prioritize this update to protect their systems.

Microsoft advises users who have not yet installed the October 2025 update to apply the OOB patch immediately. “If you haven’t installed the October 2025 Windows security update yet, we recommend you apply this OOB update instead,” Microsoft noted in a security advisory. “After you install the update, you will need to reboot your system.”

For those unable to apply the patch right away, Microsoft suggests several mitigations. Servers without the WSUS server role enabled are not vulnerable. However, if the WSUS role is activated, it will become vulnerable unless the fix is installed promptly. Additional workarounds include disabling the WSUS Server Role or blocking inbound traffic to ports 8530 and 8531 on the host firewall, though this will halt updates to Windows endpoints.

In light of the high-severity nature of this vulnerability, authorities are urging all users, particularly IT administrators, to act swiftly to secure their systems. Failure to update could result in severe security breaches and data loss.

Stay tuned for more updates as this developing story unfolds. Follow TechRadar for the latest technology news and expert insights.