{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-040.pdf"
    },
    "title": "Critical Vulnerability in Windows Server Update Services (WSUS)",
    "serial_number": "2025-040",
    "publish_date": "24-10-2025 16:42:26",
    "description": "On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Services (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems with SYSTEM privileges. A proof-of-concept is publicly available for this vulnerability.<br>\nIt is recommended to update as soon as possible.<br>\n",
    "url_title": "2025-040",
    "content_markdown": "---    \ntitle: 'Critical Vulnerability in Windows Server Update Services (WSUS)'\nnumber: '2025-040'\nversion: '1.0'\noriginal_date: '2025-10-23'\ndate: '2025-10-24'\n---\n\n_History:_\n\n* _24/10/2025 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nOn October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Services (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems [1]. A proof-of-concept is publicly available for this vulnerability [2].\n\nIt is recommended to update as soon as possible.\n\n# Technical Details\n\nThe vulnerability **CVE-2025-59287**, with a CVSS v3.1 base score of 9.8, is a deserialisation of untrusted data issue in WSUS that may allow a remote, unauthenticated attacker to execute malicious code on affected assets with SYSTEM privileges [1]. The vulnerable code is only reachable through the network-facing WSUS service, which by default listens on TCP ports 8530 (HTTP) and 8531 (HTTPS). As a proof-of-concept is public [2], exploitation of WSUS servers that are reachable from the Internet or from an untrusted network segment should be considered likely.\n\n# Affected Products\n\nThis vulnerability affects Microsoft Windows Server with the WSUS server role enabled. Servers on which the WSUS server role is not installed are not affected [1]. Microsoft published an update for the following versions of Windows Server:\n\n- Windows Server 2012\n- Windows Server 2012 R2\n- Windows Server 2016\n- Windows Server 2019\n- Windows Server 2022\n- Windows Server, version 23H2\n- Windows Server 2025\n\n# Recommendations\n\nIt is recommended to update affected assets as soon as possible. Microsoft indicates that the server must be restarted after the out-of-band update is installed for the fix to take effect.\n\nIf the update cannot be installed immediately, Microsoft documents two workarounds [1]. Both render WSUS non-functional until the update is applied:\n\n- disable the WSUS server role on the affected server;\n- block inbound traffic to TCP ports 8530 and 8531 on the host firewall.\n\nIt is also recommended to verify that WSUS servers are not exposed to the Internet and, given the public proof-of-concept [2], to review exposed servers for signs of compromise before considering them patched and trusted.\n\n# References\n\n[1] <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287>\n\n[2] <https://hawktrace.com/blog/CVE-2025-59287>",
    "content_html": "<p><em>History:</em></p><ul><li><em>24/10/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Services (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems [1]. A proof-of-concept is publicly available for this vulnerability [2].</p><p>It is recommended to update as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2025-59287</strong>, with a CVSS v3.1 base score of 9.8, is a deserialisation of untrusted data issue in WSUS that may allow a remote, unauthenticated attacker to execute malicious code on affected assets with SYSTEM privileges [1]. The vulnerable code is only reachable through the network-facing WSUS service, which by default listens on TCP ports 8530 (HTTP) and 8531 (HTTPS). As a proof-of-concept is public [2], exploitation of WSUS servers that are reachable from the Internet or from an untrusted network segment should be considered likely.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects Microsoft Windows Server with the WSUS server role enabled. Servers on which the WSUS server role is not installed are not affected [1]. Microsoft published an update for the following versions of Windows Server:</p><ul><li>Windows Server 2012</li><li>Windows Server 2012 R2</li><li>Windows Server 2016</li><li>Windows Server 2019</li><li>Windows Server 2022</li><li>Windows Server, version 23H2</li><li>Windows Server 2025</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended to update affected assets as soon as possible. Microsoft indicates that the server must be restarted after the out-of-band update is installed for the fix to take effect.</p><p>If the update cannot be installed immediately, Microsoft documents two workarounds [1]. Both render WSUS non-functional until the update is applied:</p><ul><li>disable the WSUS server role on the affected server;</li><li>block inbound traffic to TCP ports 8530 and 8531 on the host firewall.</li></ul><p>It is also recommended to verify that WSUS servers are not exposed to the Internet and, given the public proof-of-concept [2], to review exposed servers for signs of compromise before considering them patched and trusted.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287\">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://hawktrace.com/blog/CVE-2025-59287\">https://hawktrace.com/blog/CVE-2025-59287</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}