Microsoft has released an emergency security patch for a critical vulnerability in Windows Server Update Services (WSUS) that is being actively exploited. The vulnerability, tracked as CVE-2025-59287, allows remote code execution and carries a severity score of 9.8 out of 10.

Microsoft has released an out-of-band security update for a critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287. This flaw allows remote code execution by unauthenticated threat actors, and a new patch is necessary to fully mitigate the issue as the initial patch was incomplete.