![\"Microsoft](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/10\/1761397753_588_960x0.jpg\")
<\/p>\n<\/p>\n
Windows Server is under attack, act now.<\/p>\n
SOPA Images\/LightRocket via Getty Images<\/p>\n
Updated October 26 with more technical information regarding the latest Microsoft Windows emergency security update addressing CVE-2025-59287, a critical vulnerability within the Windows Server Update Service that could enable a threat actor to remotely execute malicious code and is already being used in attacks, according to the Cybersecurity Infrastructure and Security Agency.<\/p>\n
Hot on the heels of a Chrome emergency security update<\/a> issued by Google, Microsoft has now also confirmed an emergency fix for a critical Windows vulnerability. Acting immediately is paramount, as the Cybersecurity and Infrastructure Security Agency has warned that attacks are already underway and issued a binding directive requiring federal agencies to update now. Here\u2019s what you need to know and do about CVE-2025-59287.<\/p>\n ForbesPayPal Users Warned \u2018Do Not Pay, Do Not Phone\u2019 As Attackers StrikeBy Davey Winder<\/a>Microsoft Confirms Emergency Security Update For Windows Server Users<\/p>\n Less than a week after CISA issued a warning<\/a> for federal agencies to update Windows Server, Windows 10 and Windows 11 due to ongoing server message block attacks, lightning has struck twice for Windows Servers users. Now CISA has confirmed that attacks are underway that exploit CVE-2025-59287<\/a>, a critical vulnerability within the Windows Server Update Service that can enable a hacker to remotely execute malicious code over the network.<\/p>\n Microsoft stated: \u201cThe WSUS Server Role is not enabled by default on Windows servers. Windows servers that do not have the WSUS server role enabled are not vulnerable to this vulnerability. If the WSUS server role is enabled, the server will become vulnerable if the fix is not installed before the WSUS server role is enabled.\u201d<\/p>\n The Microsoft Windows Server CVE-2025-59287 Critical Vulnerability In More Detail<\/p>\n \u201cOur team ran a preliminary search for WSUS servers across the internet,\u201d Bas van den Berg, a cybersecurity researcher at Eye Security, said. \u201cThey looked for Internet Information Service servers with specific ports 8530 (http) or 8531 (https) on Shodan and Fofa and yielded approximately 8,000 servers.\u201d Eye Security then notified the relevant authorities, as well as threat intelligence sharing partners with whom it works alongside. According to an Eye Security LinkedIn post<\/a>, which first confirmed active exploitation of CVE-2025-59287, its telemetry has revealed that there are now at least 2,500 WSUS servers still exposed and at risk across the world.<\/p>\n ForbesLastPass Warns \u2018Are You Dead?\u2019 Master Password Hack Attacks OngoingBy Davey Winder<\/a>America\u2019s Security Agency Urges Every Organization To Update Now As Attacks Continue<\/p>\n CISA, meanwhile, has issued a warning<\/a> giving certain federal agencies just two weeks to ensure they do so under a binding directive. America\u2019s Security Agency also said<\/a> that it \u201cstrongly urges organizations to implement Microsoft\u2019s updated Windows Server Update Service Remote Code Execution Vulnerability guidance, or risk an unauthenticated actor achieving remote code execution with system privileges.\u201d<\/p>\n CISA recommends the following course of action:<\/p>\n If you cannot update right now, it is advised that the WSUS server role be disabled and that inbound traffic to ports 8530 and 8531 be blocked at the host firewall.<\/p>\n Microsoft said that it\u2019s important that Windows Server admins \u201cdo not undo either of these workarounds until after you have installed the update.\u201d I know it\u2019s the weekend, but hey, you know what to do.<\/p>\n\n