CERT-EU-SA2025-040 Critical Vulnerability in Windows Server Update Service (WSUS)
ID
CERT-EU-SA2025-040
Date
Activity
Source
CERT-EU
Vendor
CERT-EU
Threat
critical
Summary
On October 23, 2025, Microsoft released an out-of-band update to address a critical vulnerability in Windows Server Update Service (WSUS). This vulnerability could allow a remote unauthenticated attacker to execute code on the targeted systems. A proof-of-concept is publicly available for this vulnerability. It is recommended to update as soon as possible.
Product
Security advisory
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat the vulnerability as an active risk).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as they are available.
- Read the official advisory for exact affected versions and remediation steps.