The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) has issued a high-priority alert to business and government organisations following the disclosure of a critical vulnerability affecting Microsoft Windows Server Update Service (WSUS).
Microsoft has identified the flaw, tracked as CVE-2025-59287, that could allow an unauthenticated actor to execute remote code with system-level privileges. If exploited, attackers could gain complete control of affected systems, leading to potential data compromise, service disruption or further lateral movement within networks.
The vulnerability impacts Microsoft Windows Server Update Service in Windows Server 2012, 2016, 2019, 2022 and 2025 editions. WSUS is a key component for enterprise and government networks, used to manage and deploy software updates across multiple systems, meaning exploitation could have far-reaching consequences.
The ACSC is urging Australian organisations to act immediately by identifying and remediating vulnerable instances of WSUS in their environments. Administrators are advised to review their networks for affected systems and apply Microsoft’s recommended mitigations as outlined in the Microsoft Security Update Guide.
Unpatched systems remain at high risk of compromise, particularly in environments with exposed or misconfigured WSUS servers. Organisations are encouraged to follow the ASD’s Essential Eight mitigation strategies, maintain strict patch management procedures, and monitor for any unusual network activity associated with update services.
The ACSC’s alert underscores the ongoing need for timely patching and vigilant configuration management, especially for widely deployed infrastructure services like WSUS.
Further technical details and mitigation steps are available through Microsoft’s official advisory and the ACSC Alert Service.
For more information or to subscribe to the ACSC’s Alert Service, visit cyber.gov.au
