Understanding the Recent Attacks on Microsoft Windows Server Update Service: Essential Information You Need to Know

Windows Server 2025 is currently vulnerable to remote code execution through the Windows Server Update Service, and Microsoft has yet to provide a complete fix. Reports indicate that an earlier patch failed to prevent exploitation, which contradicts Microsoft’s claim that the issue had not been publicly disclosed.

The exploit, similar to previous issues with SharePoint, gives attackers PowerShell capabilities that let them execute commands and conduct network reconnaissance. Attackers have been observed exfiltrating information to a specific endpoint. Experts, such as Trend Micro’s Dustin Childs, have raised concerns that a partial fix could lull organizations into a false sense of security.

In response, Microsoft has suggested disabling the WSUS Server Role and blocking specific ports to mitigate risk. However, repeated reports of ongoing exploitation suggest that the alleged patch introduced on October 23rd has not resolved the issue. As a precaution, users are encouraged to disable the Windows Server Update Service until a full resolution is confirmed.
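
The mitigation above can be checked host by host. The following PowerShell audit is an added example, not code from Microsoft or from this article. It assumes the WSUS role name `UpdateServices` and the WSUS default ports 8530 and 8531 (the article does not name the ports), and the firewall rule name is hypothetical.

```powershell
# Added example: audit a server for the WSUS exposure described above.
# Assumptions: role name 'UpdateServices' and WSUS default ports 8530/8531
# (the article does not list the ports); the rule name is hypothetical.
[CmdletBinding()]
param(
    [int[]]$WsusPorts = @(8530, 8531),  # WSUS defaults; adjust if customised
    [switch]$BlockPorts,                # add an inbound block rule
    [switch]$RemoveRole                 # uninstall the role; clients lose this update source
)

$ruleName = 'Block inbound WSUS (temporary mitigation)'  # hypothetical name

# 1. Is the WSUS server role installed on this host?
$role = Get-WindowsFeature -Name UpdateServices
$installed = [bool]($role -and $role.Installed)

# 2. Is anything listening on the WSUS ports?
$listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in $WsusPorts })

# 3. Is an enabled inbound block rule with our name already present?
$rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }

# Report the current state before changing anything.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    WsusInstalled  = $installed
    ListeningPorts = ($listeners.LocalPort | Sort-Object -Unique) -join ','
    BlockRuleSet   = [bool]$rule
}

# Mitigation 1: block inbound traffic to the WSUS ports (block rules
# take precedence over allow rules in Windows Firewall).
if ($installed -and $BlockPorts -and -not $rule) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort $WsusPorts | Out-Null
}

# Mitigation 2: remove the WSUS server role entirely.
if ($installed -and $RemoveRole) {
    Uninstall-WindowsFeature -Name UpdateServices
}
```

Run without switches, the script only reports; `-BlockPorts` and `-RemoveRole` apply the two mitigations and need an elevated session.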

For more information, see the official Microsoft documentation that compiles details on addressing this vulnerability.

