We’d like to make you aware of a critical security vulnerability (CVSS 9.8) that has recently been identified in Microsoft Windows Server Update Services (WSUS). This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges on affected servers.
Summary of the Vulnerabilities:
CVE-2025-48983 – CVE-2025-59287 – A remote code execution vulnerability caused by unsafe deserialisation in WSUS’s reporting web services. Attackers can exploit this by sending crafted requests to the WSUS server’s GetCookie() endpoint.
What’s Affected:
Recommended Action:
We strongly encourage reviewing your environment to identify any servers running the WSUS role. If any are found, apply the out-of-band security update released on October 23, 2025, and reboot the server to complete mitigation.
If patching is not immediately possible, Microsoft recommends:
Disabling the WSUS Server Role, and/or blocking inbound traffic to ports 8530 and 8531 at the host firewall.
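One way to carry out the review and the interim firewall block described above is the following PowerShell script. It is an added example, not Microsoft's tooling or part of the original advisory. The parameter names are illustrative, the script assumes it runs elevated on Windows Server, and the KB value is a placeholder to be replaced with the update number from Microsoft's advisory for your OS build.

```powershell
# Added example: audit WSUS exposure and optionally apply the temporary port block.
param(
    [string[]]$ComputerName = @(),     # empty = check the local server only
    [string]$PatchKb = 'KB0000000',    # PLACEHOLDER: use the KB from Microsoft's advisory
    [switch]$BlockPorts                # add the host-firewall block from the advisory
)

$check = {
    param([string]$PatchKb, [bool]$BlockPorts)
    $ports = 8530, 8531                # WSUS ports named in the advisory

    # The WSUS server role is the 'UpdateServices' Windows feature.
    $role = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
    $roleInstalled = [bool]($role -and $role.Installed)

    # Ports from the advisory that currently have a listener on this host.
    $listening = @(Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique)

    # Get-HotFix returns nothing when the update is absent.
    $patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

    $blocked = $false
    if ($BlockPorts -and $roleInstalled -and -not $patched) {
        # Block rules take precedence over allow rules in Windows Firewall.
        New-NetFirewallRule -DisplayName 'TEMP block inbound WSUS 8530-8531' `
            -Direction Inbound -Protocol TCP -LocalPort $ports -Action Block | Out-Null
        $blocked = $true
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        WsusRole       = $roleInstalled
        ListeningPorts = ($listening -join ',')
        PatchInstalled = $patched
        BlockRuleAdded = $blocked
        NeedsAction    = ($roleInstalled -and -not $patched)
    }
}

$doBlock = $BlockPorts.IsPresent
if ($ComputerName.Count -eq 0) {
    & $check $PatchKb $doBlock
} else {
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $check -ArgumentList $PatchKb, $doBlock |
        Select-Object Computer, WsusRole, ListeningPorts, PatchInstalled, BlockRuleAdded, NeedsAction
}
```

The block rule also stops clients from reaching this WSUS server, so remove it once the update is installed and the server has rebooted.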