WSUS Zero-Day Exploits Spread as Microsoft Scrambles to Contain Critical Server Flaw
Attackers are actively exploiting a critical Windows Server Update Services vulnerability that allows complete system takeover with a single request. Despite Microsoft’s emergency patch, security researchers warn the fix may be incomplete as government agencies issue alerts about ongoing exploitation campaigns.
Emergency Patch Fails to Fully Contain Critical WSUS Vulnerability
Microsoft is facing mounting pressure as security researchers and government agencies report active exploitation of a critical Windows Server vulnerability that the company has now patched twice in recent weeks. The flaw in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, carries a near-maximum 9.8 CVSS score and allows unauthenticated attackers to execute arbitrary code on vulnerable systems.