Microsoft has taken a second shot at addressing a critical Windows Server vulnerability that a previous update didn't fully fix – and that's now being exploited in the wild.

The vulnerability, tracked as CVE-2025-59287 , affects Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025).

WSUS is a component of the Windows Server operating system that is designed to simplify the management and distribution of Microsoft product updates and patches.

Instead of each PC handling this individually, WSUS downloads the updates and stores them, and then distributes them to all computers on the network.

However, a recent vulnerability allowed for insecure deserialization of untrusted data, which security experts have warned allows unauthenticated attackers to

See Full Page