October 30, 2025 By Zeljka Zorz
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers.
An out-of-band update
Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability, was almost immediately followed by reports of in-the-wild exploitation.
With a PoC exploit that had been made public a few days before the fix and a patch that could be reverse-engineered, attackers had enough to create exploits of their own and start targeting unpatched internet-facing Windows Server machines with the WSUS Server role enabled.
Eye Security were among the first to report suspicious activity related to CVE-2025-59287 exploitation.