Act Now — Microsoft Issues Emergency Windows Update As Attacks Begin

Hot on the heels of a Chrome emergency security update issued by Google, Microsoft has now also confirmed an emergency fix for a critical Windows vulnerability. Acting now is paramount as the Cybersecurtity and Infrastructure Security Agency has warned that attacks are already underway. Here’s what you need to know and do about CVE-2025-59287.

ForbesPayPal Users Warned ‘Do Not Pay, Do Not Phone’ As Attackers StrikeBy Davey Winder

Microsoft Confirms Emergency Security Update For Windows Server Users

Less than a week after CISA issued a warning for federal agencies to update Windows Server, Windows 10 and Windows 11 due to ongoing server message block attacks, lightning has struck twice for Windows Servers users. Now CISA has confirmed that attacks are underway that exploit CVE-2025-59287, a critical vulnerability within the Windows Server Update Service that can enable a hacker to remotely execute malicious code over the network.

Microsoft stated: “The WSUS Server Role is not enabled by default on Windows servers. Windows servers that do not have the WSUS server role enabled are not vulnerable to this vulnerability. If the WSUS server role is enabled, the server will become vulnerable if the fix is not installed before the WSUS server role is enabled.”

ForbesThe WhatsApp $1 Million Hack Mystery — What You Need To KnowBy Davey Winder

CISA, meanwhile, has issued a warning giving certain federal agencies just two weeks to ensure they do so under a binding directive. America’s Security Agency also said that it “strongly urges organizations to implement Microsoft’s updated Windows Server Update Service Remote Code Execution Vulnerability guidance, or risk an unauthenticated actor achieving remote code execution with system privileges.”

CISA recommends the following course of action:

• Identify servers that are currently configured to be vulnerable to exploitation.
• Apply the out-of-band security update released on October 23, 2025, to all servers so identified.
• Reboot WSUS servers after installation to complete mitigation.

If you cannot update right now, it is advised that the WSUS server role be disabled and that inbound traffic to ports 8530 and 8531 be blocked at the host firewall.

Microsoft said that it’s important that Windows Server admins “do not undo either of these workarounds until after you have installed the update.” I know it’s the weekend, but hey, you know what to do.