Cybersecurity researchers have warned that attackers are actively exploiting a severe vulnerability in Windows Server Update Services (WSUS), even after Microsoft’s recent patch failed to fully fix the issue. The flaw, tracked as CVE-2025-59287, impacts WSUS versions dating back to 2012.
Microsoft rolled out an emergency out-of-band security update for the vulnerability on Thursday, following earlier attempts to address it. Despite this, several cybersecurity firms reported active exploitation by Friday. However, Microsoft has not yet officially confirmed these attacks.
This situation highlights how quickly both cyber defenders and adversaries respond to newly disclosed flaws. Within hours of Microsoft’s emergency patch release, researchers observed proof-of-concept exploits and live attacks targeting vulnerable servers.
“This vulnerability shows how simple and trivial exploitation is once an attack script is publicly available,” said John Hammond, principal security researcher at Huntress, in an interview with CyberScoop. “It’s always an attack of opportunity — just kind of spray-and-pray, and see whatever access a criminal can get their hands on.”
The Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its K
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: