Be thankful: November's Patch Tuesday has just one zero-day
Briefly

"When installing KB5070879 or later updates, Windows Server Update Services (WSUS) does not display synchronization error details in its error reporting. This functionality is temporarily removed to address the Remote Code Execution (RCE) vulnerability, CVE-2025-59287. If left unpatched, this could lead to deserialization of Microsoft patch data and subsequent arbitrary remote code execution. Major revisions and mitigations Microsoft published several documentation and patch related updates after October's Patch Tuesday, including:"
"CVE-2025-55315: ASP.NET Security Feature Bypass Vulnerability. Microsoft has updated the documentation for this update to reflect the increased level of severity. Hey, some justification is required when Microsoft bumped this update from a CVSS3.1 score of 9.9 to the highest possible rating of 10.0. For those who are not familiar with the CVSS3.1 rating, there is a handy calculator that combines a base score, a temporal factor and the target environment. For those in a hurry, a CVSS3.1 score of 10.0 means 'not good.'"
Installing KB5070879 or later causes Windows Server Update Services (WSUS) to stop displaying synchronization error details. The error-reporting functionality is temporarily removed to address a Remote Code Execution (RCE) vulnerability, CVE-2025-59287, which could enable deserialization of Microsoft patch data and arbitrary remote code execution if unpatched. Microsoft published documentation and patch updates after October's Patch Tuesday, including fixes for CVE-2025-25004 (PowerShell elevation of privilege), CVE-2025-59287 (WSUS RCE) with out-of-band patches and known issues, and CVE-2025-55315 (ASP.NET security feature bypass) whose severity was increased to CVSS3.1 10.0. Windows 11 23H2 servicing ended for Home and Pro; LTSC remains supported until Oct. 9, 2029.
Read at Computerworld