CyberSecurityBoard
Sponsor Register Login

Microsoft releases Windows Server emergency updates for critical WSUS RCE flaw

Microsoft has released emergency security updates to address a critical remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). This flaw allows attackers to execute arbitrary code on affected systems, potentially leading to full system compromise. The vulnerability is rated critical due to its severity and the widespread use of WSUS in enterprise environments for managing Windows updates. Microsoft urges all organizations using WSUS to apply these patches immediately to mitigate the risk of exploitation. The updates fix the vulnerability by correcting how WSUS handles certain requests, preventing attackers from exploiting the flaw to run malicious code remotely. This incident highlights the importance of timely patching and monitoring of update services to protect enterprise infrastructure. Security teams should prioritize deploying these emergency updates and review their WSUS configurations to ensure no other vulnerabilities are present. Additionally, organizations are advised to monitor their networks for any signs of compromise related to this vulnerability and to follow best practices for securing update services. Staying informed about such critical vulnerabilities and responding swiftly is essential to maintaining robust cybersecurity defenses in today's threat landscape.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 24 Oct 2025 07:30:14 +0000


Cyber News related to Microsoft releases Windows Server emergency updates for critical WSUS RCE flaw

Microsoft confirms Windows Server Update Services (WSUS) sync is broken - "Devices trying to synchronize updates from Microsoft Updates using Windows Server for Update Services (WSUS) might fail to complete the synchronization process. Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that ...
4 months ago Bleepingcomputer.com
Microsoft releases Windows Server emergency updates for critical WSUS RCE flaw - Microsoft has released emergency security updates to address a critical remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). This flaw allows attackers to execute arbitrary code on affected systems, potentially leading ...
1 month ago Bleepingcomputer.com CVE-2024-27512
PoC WSUS RCE Vulnerability - A critical Remote Code Execution (RCE) vulnerability has been discovered in Microsoft's Windows Server Update Services (WSUS). This flaw allows attackers to execute arbitrary code on affected systems, potentially leading to full system compromise. ...
1 month ago Cybersecuritynews.com CVE-2024-27512
Microsoft patch for WSUS flaw disabled Windows Server hotpatching - Microsoft recently released a patch to address a critical flaw in Windows Server Update Services (WSUS). However, this patch inadvertently disabled the hotpatching feature on Windows Server, causing operational challenges for system administrators. ...
3 weeks ago Bleepingcomputer.com
Microsoft delays WSUS driver sync deprecation indefinitely - One month later, Microsoft reminded admins to prepare for WSUS driver sync deprecation, encouraging them to adopt cloud-based solutions for client and server updates, like Windows Autopatch, Microsoft Intune, and Azure Update Manager. Introduced ...
7 months ago Bleepingcomputer.com
CISA Issues Warning on WSUS Vulnerability Exploited by Threat Actors - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a newly discovered vulnerability in Windows Server Update Services (WSUS). This vulnerability has been actively exploited by threat actors to gain ...
4 weeks ago Cybersecuritynews.com CVE-2024-27512 UNC2447
Actively Exploited WSUS Bug Added to CISA Known Exploited Vulnerabilities Catalog - A critical vulnerability in Microsoft's Windows Server Update Services (WSUS) has been actively exploited in the wild, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities Catalog. ...
1 month ago Infosecurity-magazine.com CVE-2024-27512
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Microsoft pushes fix for Windows 11 update 0x80240069 errors - ​Microsoft has fixed a known issue preventing Windows 11 24H2 feature updates from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates. "Devices which have installed the April Windows ...
6 months ago Bleepingcomputer.com
Hackers now exploiting critical Windows Server WSUS flaw in attacks - A critical vulnerability in Windows Server Update Services (WSUS) is now actively exploited by hackers, posing significant risks to enterprise environments. This flaw allows attackers to execute remote code on affected systems, potentially leading to ...
1 month ago Bleepingcomputer.com CVE-2024-27512
Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors - "Devices which have installed the April Windows monthly security update, released April 8, 2025, or later (starting with KB5055528) might be unable to update to Windows 11 24H2 via Windows Server Update Services (WSUS)," Microsoft says in a Windows ...
6 months ago Bleepingcomputer.com
WSUS vulnerability: CISA issues late Friday warning - Microsoft's Windows Server Update Services (WSUS) has a critical vulnerability that has prompted a late Friday warning from the Cybersecurity and Infrastructure Security Agency (CISA). This vulnerability could allow attackers to execute remote code, ...
1 month ago Therecord.media CVE-2024-27512
CISA orders federal agencies to patch Windows Server WSUS flaw exploited in attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive to all federal agencies to patch a critical vulnerability in Windows Server Update Services (WSUS). This flaw has been actively exploited by threat actors, ...
1 month ago Bleepingcomputer.com CVE-2024-27512
WSUS RCE Vulnerability: Critical Security Flaw in Windows Server Update Services - A critical Remote Code Execution (RCE) vulnerability has been discovered in Microsoft's Windows Server Update Services (WSUS), posing significant risks to enterprise environments. This flaw allows attackers to execute arbitrary code on affected ...
1 month ago Cybersecuritynews.com CVE-2024-27512
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Microsoft extends Windows Server 2012 ESUs to October 2026 - Microsoft provides three more years of Windows Server 2012 Extended Security Updates until October 2026, giving administrators more time to upgrade or migrate to Azure. The company also prolonged the end date for Windows Server 2012 and extended ...
1 year ago Bleepingcomputer.com
New Windows Server emergency updates fix container launch issue - "This update fixes an issue caused by 2025.04 B container images released on April 8, 2025 where Windows containers running in Hyper-V isolation mode could fail to start in some cases if their update level didn't match that of the hosting utility ...
7 months ago Bleepingcomputer.com
Microsoft reminds admins to prepare for WSUS driver sync deprecation - Introduced as Software Update Services (SUS) in 2005, almost two decades ago, WSUS enables IT admins to manage and distribute updates for Microsoft products across enterprise networks with large numbers of Windows devices from a single server instead ...
9 months ago Bleepingcomputer.com
Hackers Exploit TCP Port WSUS Vulnerability to Launch Attacks - A critical vulnerability in the Windows Server Update Services (WSUS) TCP port has been exploited by hackers, posing significant risks to enterprise networks worldwide. This security flaw allows attackers to gain unauthorized access, potentially ...
3 weeks ago Cybersecuritynews.com CVE-2024-XYZ Unknown
Microsoft fixes VPN failures caused by April Windows updates - The list of impacted Windows versions includes Windows 11, Windows 10, and Windows Server 2008 and later. Since Redmond includes all security fixes in a single update, uninstalling the April updates will also remove all fixes for patched security ...
1 year ago Bleepingcomputer.com
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 year ago Bleepingcomputer.com CVE-2024-30046
Hackers Exploiting Microsoft WSUS Vulnerability to Deploy Malware - Recent reports have revealed that hackers are actively exploiting a critical vulnerability in Microsoft Windows Server Update Services (WSUS) to deploy malware and gain unauthorized access to corporate networks. This vulnerability, identified as ...
1 month ago Cybersecuritynews.com CVE-2023-35078 Unnamed APT Group
Microsoft warns of Windows update delays due to wrong timestamp - "Some devices in environments where IT admins use quality update (QU) deferral policies might experience delays in receiving the June 2025 Windows security update," Microsoft explains. As Redmond explains in recent advisory updates, this bug affects ...
4 months ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)