Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Microsoft security patch release for CVE-2025-59287

Security Patch Release
First reported
Last updated
Happening score
H score 59
1 unique sources, 2 articles

Summary

Hide ▲

Microsoft released out-of-band security updates for CVE-2025-59287, a critical WSUS remote code execution flaw affecting Windows Server systems with the WSUS Server Role enabled. The emergency patches address a bug with publicly available proof-of-concept exploit code, raising the urgency for administrators running exposed update servers. Microsoft also advised immediate installation or temporary workarounds such as disabling WSUS or blocking Ports 8530 and 8531.

Cases

ShadowPad staging through WSUS RCE (3)

Related Happenings

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Open Happening

Microsoft Windows Update restricted-network download failure

Service Disruption
First: 19.05.2026 14:22 Last: 19.05.2026 14:22 Sources 1

About this happening: Microsoft's **Windows Update** is failing in **restricted network environments** after the **January 2026 optional non-security preview updates**, leaving affected systems unable...

Open Happening

Microsoft May 2026 Patch Tuesday release

Security Patch Release
First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Open Happening

Microsoft security patch release for CVE-2026-41089

Security Patch Release
First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Open Happening

Windows 10 KB5087544 extended security update

Security Patch Release
First: 12.05.2026 21:58 Last: 12.05.2026 21:58 Sources 1

About this happening: **Microsoft** released **Windows 10 KB5087544** for **Windows 10 ESU/LTSC systems**, addressing **May 2026 Patch Tuesday vulnerabilities** and a **Remote Desktop warnings** issue....

Open Happening

Timeline

  1. 24.10.2025 10:27 2 articles · 7mo ago

    Microsoft releases emergency WSUS patches for CVE-2025-59287

    Mitigation Patch Update

    Microsoft released out-of-band security updates for CVE-2025-59287, a critical Windows Server Update Service (WSUS) remote code execution flaw affecting Windows Server systems with the WSUS Server Role enabled. The company said the bug can be triggered remotely without user interaction, can run code as SYSTEM, and is potentially wormable between WSUS servers. Microsoft also said a proof-of-concept exploit is now publicly available, recommended installing the emergency cumulative updates for affected Windows Server versions, and advised temporary workarounds such as disabling the WSUS Server Role or blocking inbound traffic to Ports 8530 and 8531.

    Show sources
    Open in new tab