
Critical vulnerability in Microsoft Windows Server Update Service (WSUS)

Release date
25 October 2025
Alert rating
Critical

Description

Critical vulnerability impacting Microsoft Windows Server Update Service – CVE-2025-59287. ASD’s ACSC recommends organisations update affected products to the latest versions and follow the advice detailed in the Microsoft Security Update guide.

Audience

Small & medium businesses, Organisations & Critical Infrastructure, Government

Current update

This alert has been written primarily for, but is not limited to, business and government.

This alert is intended for a technical audience.

Background

Microsoft has identified the following vulnerability in the Microsoft Windows Server Update Service:

  • CVE-2025-59287: This vulnerability involves deserialisation of untrusted data in WSUS, which could enable an unauthenticated actor to achieve remote code execution with system privileges. The ASD’s ACSC recommends that organisations take immediate action to address affected products.
  • The vulnerability impacts Microsoft Windows Server Update Service in Windows Server (2012, 2016, 2019, 2022 and 2025).

Mitigation advice

Australian organisations should review their networks for use of vulnerable instances of the Windows Server Update Service (WSUS), and consult the Microsoft Security Update guide for mitigation advice.
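One way to carry out the review described above, as an added example that is not part of the original alert: a PowerShell inventory that reports which servers have the WSUS role installed and whether a given update is present. The host names and the KB placeholder are assumptions, and the script assumes PowerShell remoting is enabled on the target servers.

```powershell
# Added example: inventory Windows servers for the WSUS role (CVE-2025-59287 review).
# $Servers is a constructed sample list; replace it with your own server inventory.
$Servers = @('srv-app01', 'srv-wsus01')   # hypothetical host names

# Placeholder only: this alert does not state a KB number. Take the one for each
# OS version from the Microsoft Security Update guide entry for CVE-2025-59287.
$RequiredKb = 'KB0000000'

$results = Invoke-Command -ComputerName $Servers -ArgumentList $RequiredKb `
    -ErrorAction SilentlyContinue -ScriptBlock {
    param($Kb)
    # Get-WindowsFeature ships with Windows Server (ServerManager module).
    $role = Get-WindowsFeature -Name UpdateServices
    $svc  = Get-Service -Name WsusService -ErrorAction SilentlyContinue
    [pscustomobject]@{
        OS                = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
        WsusRoleInstalled = [bool]$role.Installed
        WsusServiceStatus = if ($svc) { $svc.Status.ToString() } else { 'NotPresent' }
        # False can also mean a later cumulative update superseded this KB,
        # so treat False as "verify by hand", not as proof of exposure.
        UpdateFound       = [bool](Get-HotFix -Id $Kb -ErrorAction SilentlyContinue)
    }
}

# Servers that did not answer still need a manual check.
$unreachable = $Servers | Where-Object { $_ -notin $results.PSComputerName }

# WSUS hosts where the update was not found come first in the report.
$results |
    Where-Object { $_.WsusRoleInstalled } |
    Sort-Object UpdateFound |
    Format-Table PSComputerName, OS, WsusServiceStatus, UpdateFound -AutoSize

if ($unreachable) {
    Write-Warning ("No response from: " + ($unreachable -join ', '))
}
```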

Where to get help

Organisations that have been impacted, suspect impact or require advice and assistance can contact us via 1300 CYBER1 (1300 292 371).
