Microsoft has issued an out-of-band security update for a critical Remote Code Execution vulnerability, CVE-2025-59287, in its Windows Server Update Service. The flaw, which has a CVSS score of 9.8, is under active exploitation by threat actors, prompting a high-priority alert from CISA.
A new industrial revolution is emerging, powered by steel, sensors, and artificial intelligence. From Silicon Valley to Australia, nations and tech giants are racing to lead the humanoid robotics era, reshaping global industries and defining the future of work and economic power.
Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation, affecting multiple major retailers and highlighting critical supply chain vulnerabilities.
Microsoft has issued an out-of-band security update for a critical Remote Code Execution vulnerability, CVE-2025-59287, in its Windows Server Update Service. The flaw, which has a CVSS score of 9.8, is under active exploitation by threat actors, prompting a high-priority alert from CISA.
Cyber News Centre's cyber update for 27th October 2025: Microsoft has issued a second, out-of-band patch for a critical vulnerability in its Windows Server Update Service (WSUS) after confirming the flaw is under active exploitation.
Microsoft Corporation is a global technology leader providing software, services, devices, and solutions. The Windows Server Update Service is a crucial component used by organisations to manage and deploy the latest Microsoft product updates to computers in their network.
The Update: Microsoft has released an emergency, out-of-band security update to address a critical Remote Code Execution (RCE) vulnerability, tracked as CVE-2025-59287, in the Windows Server Update Service (WSUS). The vulnerability, which carries a maximum CVSS score of 9.8, stems from an unsafe deserialisation of untrusted data, allowing an unauthenticated attacker to execute code over a network with SYSTEM privileges.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) Catalog, confirming active exploitation and mandating federal agencies to patch immediately. This emergency fix supersedes a previous, incomplete patch.
A Microsoft spokesperson confirmed the re-release, stating, "We re-released this CVE after identifying that the initial update did not fully mitigate the issue. Customers who have installed the latest updates are already protected."
Why it Matters: The WSUS vulnerability presents a severe risk as it allows a complete takeover of the server, which can then be used to distribute malicious payloads across the entire connected network, effectively compromising the entire domain.
The exploit is particularly dangerous because it can be executed by an unauthenticated attacker, meaning no login credentials are required to initiate the attack. Security researchers have noted that attackers are using sophisticated methods, such as custom request headers, to execute commands and avoid detection in server logs.
Organisations must treat this as a high-priority incident and apply the out-of-band patch immediately, or block inbound traffic to ports 8530/8531 as a temporary measure.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Japanese retail giant Muji has suspended all online sales after a ransomware attack crippled its logistics partner, Askul Corporation, affecting multiple major retailers and highlighting critical supply chain vulnerabilities.
Vocus Group, the parent company of Dodo and iPrimus, has confirmed a cyberattack that exposed sensitive customer data and led to unauthorised SIM-swap incidents. The breach affected 1,600 customers, underscoring rising cybersecurity threats in Australia’s telecom sector.
The US Department of Homeland Security has confirmed a major cybersecurity breach affecting FEMA and CBP employees. The attacker exploited a Citrix vulnerability to infiltrate internal systems, prompting mass staff firings and renewed scrutiny over federal cybersecurity practices.
SimonMed Imaging has confirmed a ransomware attack by the Medusa group, exposing the sensitive health and personal data of 1.27 million patients. The breach, which originated in January, highlights the severe risks posed by third-party vendor vulnerabilities in the healthcare sector.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
