Hackers exploit critical Windows update flaw; servers at risk worldwide

A newly discovered security breach in Microsoft’s Windows Server Update Services (WSUS) has raised alarm across the global tech community, after researchers confirmed that the notorious ShadowPad malware is actively exploiting a recently patched vulnerability, identified as CVE-2025-59287.

According to cybersecurity experts, attackers are using this flaw to infiltrate the Windows Server Update system, an essential tool organisations use to manage and distribute software updates across their networks. Once inside, the attackers establish remote control through PowerShell, install additional malware, and operate silently while stealing sensitive data.

Researchers warn that ShadowPad functions covertly, loading modular components designed to expand its capabilities and evade detection. The malware’s ability to move laterally and remain hidden makes it particularly dangerous.

WIDESPREAD AND SERIOUS RISKS

Experts say the vulnerability poses multiple high-impact threats, including but not limited to:

• Complete server takeover: The flaw not only grants initial access but enables attackers to gain full control over WSUS. This can lead to data theft, unauthorized software installation, or further compromise of internal systems.
• Critical infrastructure at risk: Organizations around the world, including major corporations, banks, and government agencies, depend on Windows Server Update Services, making the reach of this vulnerability extensive and severe.
• Trusted systems targeted: The incident highlights a troubling trend: attackers are now focusing on the very systems designed to keep organisations secure and up-to-date.

URGENT RECOMMENDATIONS FOR ORGANISATIONS

Security experts have issued immediate guidance to minimize risks:

• Verify that all servers have the latest security patches installed.
• Restrict unnecessary access and isolate update servers within segmented network zones.
• Monitor for unusual behavior, including suspicious PowerShell commands and system activity.
• Maintain up-to-date security tools to detect and respond to emerging threats quickly.

Experts said that this attack marks a significant shift in cyber-criminal strategy, underscoring the need for increased vigilance. As trusted internal systems become new targets, organisations must strengthen server defenses to prevent large-scale breaches.