EN / AU & NZ
Huon IT
We’d like to make you aware of a critical security vulnerability (CVSS 9.8) that has recently been identified in Microsoft Windows Server Update Services (WSUS). This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges on affected servers.
Summary of the Vulnerabilities:
CVE-2025-48983 – CVE-2025-59287 – A remote code execution vulnerability caused by unsafe deserialisation in WSUS’s reporting web services. Attackers can exploit this by sending crafted requests to the WSUS server’s GetCookie() endpoint.
What’s Affected:
- Windows Server versions 2012, 2012 R2, 2016, 2019, 2022 (including 23H2), and 2025 with the WSUS Server Role enabled.
- Servers with ports 8530/8531 open are particularly vulnerable.
- Servers not running WSUS are not impacted.
Recommended Action:
We strongly encourage reviewing your environment to identify any servers running the WSUS role. If so, apply the out-of-band security update released on October 23, 2025, and reboot the server to complete mitigation.
If patching is not immediately possible, Microsoft recommends:
Disabling the WSUS Server Role, and/or blocking inbound traffic to ports 8530 and 8531 at the host firewall
