Overview
- Microsoft released emergency updates for Windows Server 2012 through 2025 to address CVE-2025-59287, with cumulative KBs that supersede October’s releases and require a restart.
- the Dutch National Cyber Security Centre reported observed abuse on October 24 after proof-of-concept code was published, raising the risk level for unpatched systems.
- The vulnerability enables unauthenticated remote code execution through unsafe object deserialization, allowing code to run with SYSTEM privileges.
- Only servers with the WSUS role are affected, and researchers warn the flaw is potentially wormable between WSUS servers.
- Admins unable to patch immediately are advised to disable the WSUS role or block inbound ports 8530 and 8531, which will stop clients from receiving updates from the local server.