Endpoint VulnerabilityMicrosoft Windows Server Update Service CVE-2025-59287 Remote Code Execution Vulnerability
Description
Microsoft Security Update to address the remote code execution vulnerability found in Windows Server 2019, Windows Server 2016, Windows Server 2012, Windows Server 2022, Windows Server 2025
Outbreak Alert
This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist groups. The vulnerabilities listed are suspected to be exploited by actors associated with Iran in real-world campaigns, consistent with observed tactics, techniques, and procedures (TTPs). Iran-linked operations continue to rely on distributed, lower-complexity techniques, including phishing, DDoS, data exfiltration, and destructive attacks. Initial access is primarily achieved through exploitation of known, unpatched vulnerabilities and exposed edge infrastructure, reflecting a persistent and opportunistic threat posture targeting government, critical infrastructure, and enterprise environments.
Affected Applications
Windows Server 2019
Windows Server 2016
Windows Server 2012
Windows Server 2022
Windows Server 2025
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2025-10-14 | 1.00921 |
New
|
Windows Server 2019,Windows Server 2016,Windows Server 2012,Windows Server 2022,Windows Server 2025 |
| ID | 87411 |
| Created | Oct 14, 2025 |
| Description Updated |
Oct 14, 2025 |
| CVE ID | |
| Tags | Iran-linked Cyber Attacks Threat Signal |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows Server 2019 , Windows Server 2016 , Windows Server 2012 , Windows Server 2022 , Windows Server 2025 |