Week 42 – Update and Destruct: WSUS Hit by Deserialization Flaw

13 – 19 Oct 2025
This week’s CVE of The Week is about a remote code execution vulnerability in Windows Server Update Services (WSUS): CVE-2025-59287.
Windows Server Update Services lets IT administrators deploy the latest Microsoft product updates. Administrators use WSUS to fully manage the distribution of updates released through Microsoft Update to the computers on their network.
Although Microsoft considers WSUS a deprecated feature and no longer adds new functionality, it remains supported for production deployments and continues to receive security and quality updates in line with the product lifecycle. That support clearly proved useful in this case.
The vulnerability was disclosed with Microsoft’s October Patch Tuesday release, which contains the necessary fixes.
According to the vendor bulletin, Microsoft acknowledged the researcher(s) nicknamed “MEOW”.
The issue is categorized as Deserialization of Untrusted Data (CWE-502); its CVSSv3 base score is 9.8 (Critical).
It affects every supported Windows Server version on which the WSUS server role is enabled, from Windows Server 2012 through Windows Server 2025; servers without the WSUS role are not affected.
The flaw allows a remote, unauthenticated attacker to send a crafted event to the WSUS server that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution and compromise of the update server itself. The attack surface is WSUS’s network listener, so any host that can reach the WSUS ports can attempt it; WSUS servers reachable from the internet are the most urgent to patch, and because every client that trusts a WSUS server pulls its updates from it, a compromised update server is a high-value foothold.
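As an added example (not part of the original post, and not Microsoft’s own tooling), the following PowerShell checks a Windows Server host for exposure to this issue and offers a host-firewall block of the default WSUS listener ports as a stopgap until the update is applied. It assumes Microsoft’s default role name (UpdateServices), service name (WsusService) and listener ports (8530 HTTP, 8531 HTTPS); KB numbers are not hard-coded because they differ per OS version and should be taken from the MSRC page.

```powershell
# Added triage script for CVE-2025-59287; not from the original post and not Microsoft's code.
# Run in an elevated PowerShell session on the Windows Server host you want to check.
# Assumptions (Microsoft defaults, adjust if your deployment differs): role name
# 'UpdateServices', service name 'WsusService', listener ports 8530 (HTTP) and 8531 (HTTPS).
# A non-default WSUS port set in the console is not detected by the port check below.

#Requires -RunAsAdministrator

$wsusPorts = 8530, 8531

# 1. Is the WSUS server role installed? Hosts without it are not affected.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Output 'WSUS role not installed: this host is not affected by CVE-2025-59287.'
    return
}

# 2. Is the WSUS service present and running?
$svc = Get-Service -Name WsusService -ErrorAction SilentlyContinue
$state = if ($svc) { $svc.Status } else { 'not found' }
Write-Output "WsusService state: $state"

# 3. Which WSUS ports are listening, on which addresses, and which process owns them?
#    A listener bound to 0.0.0.0 is reachable by anything that can route to the host.
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $wsusPorts -contains $_.LocalPort } |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize

# 4. OS build and recent updates, to compare against the fixed builds/KBs on the MSRC page.
#    KB numbers are deliberately not hard-coded: take them from the advisory for your OS.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Output "OS: $($os.Caption) build $($os.BuildNumber)"
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn

# 5. Temporary mitigation if patching must wait: block inbound WSUS ports at the host firewall.
#    Caveat: clients can no longer fetch updates from this server until the rule is removed.
function Block-WsusInbound {
    New-NetFirewallRule -DisplayName 'Block inbound WSUS (CVE-2025-59287 mitigation)' `
        -Direction Inbound -Protocol TCP -LocalPort $wsusPorts -Action Block -Profile Any
}
# Call Block-WsusInbound to apply; undo with:
# Remove-NetFirewallRule -DisplayName 'Block inbound WSUS (CVE-2025-59287 mitigation)'
```

Save it as a .ps1 and run it elevated on each WSUS host. The firewall block is opt-in (call Block-WsusInbound explicitly) because it stops update distribution from that server; remove the rule once the October update is installed and verified.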
Details about the issue, the list of affected versions and additional information are available in Microsoft’s Security Response Center:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
For more information about the vulnerability, see the NVD and Tenable entries:
https://nvd.nist.gov/vuln/detail/CVE-2025-59287
https://www.tenable.com/cve/CVE-2025-59287

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.