[German]There are out-of-band updates (e.g., KB5070883 for Windows Server 2019) that Microsoft released on October 23, 2025. The purpose of these emergency updates is to close a critical vulnerability in WSUS. The remote execution vulnerability CVE-2025-59287 has been rated with a CVSS score of 9.8. OOB updates have been released for all server editions still available. Administrators should take action.
A readers tip on Out-of-Band Update KB5070883
Blog reader Markus K. already informed me today by email with the words "OOB for WSUS, I just came across it: KB5070883. It's probably quite time-sensitive if it's coming as OOB." Microsoft released the out-of-band update KB5070883 for Windows Server 2019 on October 23, 2025. The support article states that this out-of-band update contains fixes and quality improvements that are part of update KB5066586, which was already released for Windows Server 2019 on October 14, 2025.
Microsoft writes in the section "[Windows Server Update Services (WSUS)]" that the update fixes a security vulnerability related to remote code execution (RCE) that was identified in the WSUS reporting web services. For more information about the security fix, see CVE-2025-59287. For systems that have previous updates installed, only the new updates from the above package that are not yet present there will be downloaded and installed (as it is cumulative).
It is a known issue that WSUS does not display details about synchronization errors in its error reports after installing this update or later updates. This feature has been temporarily removed to address the security vulnerability "Remote Code Execution Vulnerability, CVE-2025-59287.".
Further OOB updates for Windows Server
Microsoft has released out-of-band update for all Windows Server versions currently supported. Here is the list of released OOB updates
- Windows Server 2025 (KB5070881)
- Windows Server Version 23H2 (KB5070881)
- Windows Server 2022 (KB5070884)
- Windows Server 2019 (KB5070883)
- Windows Server 2016 (KB5070882)
- Windows Server 2012 R2 (KB55070886)
- Windows Server 2012 ESU (KB5070887)
WSUS RCE vulnerability CVE-2025-59287
It is not entirely clear why Microsoft has now released the out-of-band update KB5070883 for Windows Server 2019 (and the other server versions). I already came across the following tweet on October 22, 2025, regarding the remote execution vulnerability VE-2025-59287 in WSUS.
The author of the tweet published the details in this blog post. CVE-2025-59287 is an RCE vulnerability that allows an unauthorized attacker to execute code over a network by deserializing untrusted data in the Windows Server Update Service.
The vulnerability has been rated with a CVSS 3.1 score of 9.8. German cyber security agency BSI has issued this current warning (criticality 2, warning level yellow), so the update should be installed promptly. In my opinion, the background to this is the above PoC.
From this point on, however, things become somewhat unclear, as all Windows Server versions on which WSUS is installed as a role are affected by the above vulnerability. On the other hand, Microsoft states in CVE-2025-59287 (where there is a detailed FAQ) that it will have patched the vulnerability in all Windows Server versions from Server 2012 to Server 2025 by October 14, 2025.
Vulnerability is being exploited
The vulnerability only affects servers on which WSUS is installed as a role – even though the update is offered and installed on all servers. It is now clear why there was an out-of-band update. The vulnerability patched on October 14, 2025, was apparently refined with the updates on October 23, 2025. The background to this is that, following the publication of the proof of concept, attacks are being carried out on unpatched WSUS instances, as Bleeping Computer reports here.
Similar articles:
Microsoft Security Update Summary (October 14, 2025)
Patchday: Windows 10/11 Updates (October 14, 2025)
Patchday: Windows Server-Updates (October 14, 2025)
Patchday: Microsoft Office Updates (October 14, 2025)
Thanks for the update on the WSUS vulnerability! It's crucial to keep our systems secure. Can you provide more details on the steps for applying these updates?