Security researchers at Huntress have discovered active exploitation of a remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS), for which Microsoft issued an out-of-band patch this month.

WSUS is used by enterprise administrators to manage and distribute updates across corporate networks.

Another security vendor, Hawktrace, published a technical analysis of the vulnerability, which is indexed as CVE-2025-59287, saying an unsafe deserialisation bug allows unauthenticated attackers to remotely execute code with elevated SYSTEM privileges.

Hawktrace published a proof-of-concept (PoC) for the vulnerability, and Huntress now says it has observed threat actors exploiting the flaw across four of its customers.

Microsoft rated the vulnerability as 9.8 out of 10,
