Microsoft Issues Emergency Security Patch for Critical WSUS Vulnerability

Microsoft has released an emergency security update to address a severe vulnerability in Windows Server Update Services (WSUS), a key tool used by organizations to manage and distribute Windows updates across corporate networks. The critical flaw, which allows remote attackers to inject and execute malicious code, has been actively exploited, prompting Microsoft to urge immediate action from system administrators.

According to an official advisory, the vulnerability affects the reporting web service component of WSUS. Attackers can exploit this weakness remotely, without requiring authentication, to execute arbitrary code on affected servers. This puts entire network infrastructures at risk, as compromised WSUS servers could be used as a vector for distributing malware or gaining broader access to organizational systems.

Microsoft has classified the vulnerability with a CVSS score of 9.8, denoting a critical risk level. The company has identified a proof-of-concept exploit in the wild, highlighting the urgency for organizations to update their systems without delay. The security flaw centers around improper deserialization of untrusted data, which enables attackers to execute code by sending specially crafted requests over the network.

The emergency patch, released outside the regular update cycle, is a cumulative update designed to resolve the issue comprehensively. Microsoft advises that organizations who have not yet applied the regular October security updates should prioritize installing this out-of-band patch. After applying the update, a server restart is required to ensure full protection.

The update is available for multiple versions of Windows Server, including:

Windows Server 2025 (KB5070881)
Windows Server, version 23H2 (KB5070879)
Windows Server 2022 (KB5070884)
Windows Server 2019 (KB5070883)
Windows Server 2016 (KB5070882)
Windows Server 2012 R2 (KB5070886)
Windows Server 2012 (KB5070887)

Administrators are strongly encouraged to apply the patch as soon as possible. For organizations unable to immediately install the update, Microsoft recommends temporary mitigation measures. These include disabling the WSUS service or blocking access to ports 8530 and 8531 on the host firewall, effectively isolating the service from external access until the update can be deployed.

This represents the second unplanned update from Microsoft in October, following a previous out-of-band fix addressing issues in the Windows Recovery Environment that affected USB device input after security updates. The frequency of these critical patches underscores the importance of rapid response and proactive system maintenance in today's evolving cyber threat landscape.

Security experts emphasize that unpatched WSUS servers pose a significant risk, as attackers could leverage the vulnerability to escalate privileges, deploy ransomware, or establish persistent access to corporate networks. Timely installation of the latest security updates is essential to maintaining a strong security posture and protecting sensitive organizational assets.

Microsoft continues to monitor the situation and provides detailed guidance and technical documentation for system administrators through its official channels. Organizations are encouraged to stay informed about emerging threats and adopt best practices for patch management to reduce the risk of compromise.

For more information and access to the latest updates, administrators should consult Microsoft's official update catalog and security advisories.

Article collated/edited/curated, or written in-house, by The Munich Eye.