Microsoft security patch release for CVE-2025-59287
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft released out-of-band security updates for CVE-2025-59287, a critical WSUS remote code execution flaw affecting Windows Server systems with the WSUS Server Role enabled. The emergency patches address a bug with publicly available proof-of-concept exploit code, raising the urgency for administrators running exposed update servers. Microsoft also advised immediate installation or temporary workarounds such as disabling WSUS or blocking Ports 8530 and 8531.
Cases
Related Happenings
Microsoft security patch release for CVE-2026-42897
Security Patch Release
H score44
First: 10.06.2026 16:44
Last: 10.06.2026 16:44
Sources 1
About this happening:
**Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Microsoft security patch release for CVE-2026-42897
Security Patch ReleaseAbout this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
H score44
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Microsoft Windows Update restricted-network download failure
Service Disruption
H score13
First: 19.05.2026 14:22
Last: 19.05.2026 14:22
Sources 1
About this happening:
Microsoft's **Windows Update** is failing in **restricted network environments** after the **January 2026 optional non-security preview updates**, leaving affected systems unable...
Microsoft Windows Update restricted-network download failure
Service DisruptionAbout this happening: Microsoft's **Windows Update** is failing in **restricted network environments** after the **January 2026 optional non-security preview updates**, leaving affected systems unable...
Microsoft May 2026 Patch Tuesday release
Security Patch Release
H score44
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Latest development: 01.06.2026 15:30
Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Microsoft security patch release for CVE-2026-41089
Security Patch Release
H score43
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Microsoft security patch release for CVE-2026-41089
Security Patch ReleaseAbout this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Timeline
-
24.10.2025 10:27 2 articles · 8mo ago
Microsoft releases emergency WSUS patches for CVE-2025-59287
Mitigation Patch UpdateMicrosoft released out-of-band security updates for CVE-2025-59287, a critical Windows Server Update Service (WSUS) remote code execution flaw affecting Windows Server systems with the WSUS Server Role enabled. The company said the bug can be triggered remotely without user interaction, can run code as SYSTEM, and is potentially wormable between WSUS servers. Microsoft also said a proof-of-concept exploit is now publicly available, recommended installing the emergency cumulative updates for affected Windows Server versions, and advised temporary workarounds such as disabling the WSUS Server Role or blocking inbound traffic to Ports 8530 and 8531.
Show sources
- Windows Server emergency patches fix WSUS bug with PoC exploit — www.bleepingcomputer.com — 24.10.2025 10:27
- Microsoft: Patch for WSUS flaw disabled Windows Server hotpatching — www.bleepingcomputer.com — 03.11.2025 17:22