Microsoft issues out-of-band patch for critical WSUS RCE (CVE-2025-59287); CISA flags active exploitation
October 24, 2025
- Out-of-band (OOB) security update released to address a WSUS remote code execution vulnerability: CVE-2025-59287
- Severity: Critical; CVSS 9.8; the flaw is deserialization of untrusted data in the WSUS reporting web services, reachable by an unauthenticated remote attacker
- Affected platforms: Windows Server 2012, 2012 R2, 2016, 2019, 2022, Windows Server version 23H2 (Server Core), and Windows Server 2025, in each case only when the WSUS server role is installed
- Microsoft indicates the October Patch Tuesday update did not fully remediate the flaw, so an additional OOB update was required; a proof-of-concept exploit is publicly available and in-the-wild exploitation has been observed
- CISA alert: vulnerability added to the Known Exploited Vulnerabilities catalog; agencies urged to apply the OOB update and reboot WSUS servers, since the fix does not take effect until restart
- Vendor support article confirms the KB packages addressing CVE-2025-59287 for each affected version; guidance calls for immediate patching, and, where patching is delayed, either disabling the WSUS server role or blocking inbound TCP 8530/8531 at the host firewall (both interim mitigations also stop WSUS clients from syncing until reversed)
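The following PowerShell triage script is an added example, not code from Microsoft's advisory or CISA's alert. It checks whether a host has the WSUS role, whether a given KB is installed, and whether the WSUS ports are listening, and optionally applies the firewall-block mitigation described above. The KB number is an assumption supplied by the operator (this digest does not list per-version KB numbers); the feature name `UpdateServices` is the WSUS role name reported by `Get-WindowsFeature`; the firewall rule name is hypothetical.

```powershell
<#
  Added example (not from the Microsoft advisory or CISA alert): triage a WSUS host for
  CVE-2025-59287. Assumptions: the KB identifier comes from the operator (look it up in the
  MSRC advisory for your OS build); 'UpdateServices' is the WSUS role feature name; the
  firewall rule name below is invented for this example.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string]$KbId,   # KB for the OOB update on this build - assumption, operator-supplied
    [switch]$ApplyMitigation                # when set, block inbound TCP 8530/8531 if the KB is missing
)

Import-Module ServerManager -ErrorAction Stop

# 1. Is the WSUS role installed? If not, this CVE does not apply to the host.
$wsus = Get-WindowsFeature -Name UpdateServices
if (-not $wsus.Installed) {
    Write-Output "WSUS role not installed; CVE-2025-59287 does not apply to this host."
    return
}

# 2. Is the OOB update present? Get-HotFix reads Win32_QuickFixEngineering, which can lag
#    or omit some cumulative updates, so treat "not found" as "verify manually", not proof.
$patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

# 3. Is WSUS actually listening on the default ports named in the guidance (8530/8531)?
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 8530, 8531 } |
    Select-Object -ExpandProperty LocalPort -Unique

[pscustomobject]@{
    Host          = $env:COMPUTERNAME
    WsusInstalled = $true
    KbChecked     = $KbId
    Patched       = $patched
    ListeningOn   = ($listening -join ',')
}

# 4. If unpatched and requested, apply the interim mitigation from the guidance: block
#    inbound TCP 8530/8531 at the host firewall. This also stops WSUS clients from syncing,
#    so it is a stopgap until the update is installed and the server rebooted.
if (-not $patched -and $ApplyMitigation) {
    $ruleName = 'Block-WSUS-CVE-2025-59287'   # hypothetical rule name
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 8530, 8531 -Action Block -Profile Any | Out-Null
        Write-Warning "Inbound TCP 8530/8531 blocked; WSUS clients will fail to sync until '$ruleName' is removed."
    }
}

# Reversal after the OOB update is installed and the server rebooted:
#   Remove-NetFirewallRule -DisplayName 'Block-WSUS-CVE-2025-59287'
# The other mitigation in the guidance, removing the role entirely:
#   Uninstall-WindowsFeature -Name UpdateServices
```

Run it from an elevated PowerShell session on each WSUS server, e.g. `.\Check-Wsus.ps1 -KbId KB<number-from-advisory>` to report only, adding `-ApplyMitigation` to block the ports on unpatched hosts. Because `Get-HotFix` can miss cumulative updates, confirm a "not patched" result against Windows Update history before treating the host as exposed, and remember that neither mitigation substitutes for the update plus reboot that CISA and Microsoft require.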