Microsoft released out-of-band patches on Thursday to “comprehensively” fix a critical vulnerability in the Windows Server Update Service (WSUS) after the first patches released on Oct. 14 proved insufficient. Attackers exploited the vulnerability in the wild after a detailed vulnerability analysis and proof-of-concept exploit were published this week. Tracked as CVE-2025-59287, the vulnerability stems from an unsafe deserialization of the AuthorizationCookie object in WSUS environments. ...
