Pakistan’s national cyber-incident response body, the Pakistan Computer Emergency Response Team (PKCERT), has raised the alarm over a critical security vulnerability in Microsoft Windows Server Update Services (WSUS). This software is essential for organizations to manage and distribute updates across their computer networks.
The vulnerability stems from unsafe deserialization of the WSUS Authorisation Cookie, which allows an attacker to send a maliciously crafted cookie to the server. If the server processes this cookie without proper validation, the attacker can execute malicious code remotely and take over the server completely. PKCERT indicates that exploitation requires no authentication, so attackers need no credentials to exploit the flaw.
This vulnerability scores a critical 9.8 on the Common Vulnerability Scoring System, signaling a significant threat to both public and private organizations that use unpatched or publicly accessible Windows systems. A compromised WSUS server could lead to widespread malware distribution, with the potential to affect thousands of connected machines.
To mitigate the risk, PKCERT recommends that organizations apply Microsoft’s October 2025 out-of-band patch, temporarily block affected Internet ports, and strengthen their server security measures. Enhanced vigilance against suspicious cyber activities is also advised to protect organizational assets from unauthorized access.
For more information, please visit PKCERT’s advisory.
