More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, just days after Microsoft pushed an emergency patch and the US Cybersecurity and Infrastructure Security Agency added the bug to its Known Exploited Vulnerabilities catalog.

Microsoft hasn’t updated its advice about the flaw to reveal to note the active in-the-wild exploitation detected by multiple credible sources. Redmond instead lists CVE-2025-59287 as not having been publicly disclosed, or exploited. The software giant does rate the bug as "exploitation more likely," which may be the understatement of the month.

"We are actively investigating the exploitation of CVE-2025-59287 by a newly

See Full Page