
Redazione RHC : 3 November 2025 22:47
An emergency patch fixed a security flaw in Windows Server Update Services (WSUS), but it apparently caused hotpatching to stop working on certain Windows Server 2025 servers.
Microsoft Hotpatch is a technology developed by Microsoft that allows you to apply security updates to Windows machines without requiring a system reboot. It was initially introduced for Windows Server Azure Edition, but Microsoft is gradually extending it to other versions of Windows, including desktop versions (in an experimental phase).
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered U.S. government agencies to secure their systems after including this vulnerability in its KEV catalog.
Currently, the Internet monitoring group Shadowserver is tracking over 2,600 online instances of WSUS using the default ports (8530/8531); however, it has not disclosed how many are already protected.

Unfortunately, the emergency update is causing this issue, and this comes after several cybersecurity firms confirmed that the critical severity flaw CVE-2025-59287 allowed Remote Code Execution (RCE) and that exploits are online.
“A very limited number of machines registered for Hotpatch received the update before the issue was resolved. The update is now available only to machines that are not registered to receive Hotpatch updates,” Microsoft says. “This issue only affects Windows Server 2020 devices and virtual machines (VMs) registered to receive Hotpatch updates.”
Microsoft has stopped distributing update KB5070881 for Hotpatch-enrolled Windows Server 2022 devices. Users who have already installed the update will no longer be covered by the Hotpatch updates scheduled for November and December.
Administrators who have downloaded the buggy update, but have not yet deployed it, have the option to resolve the issue by installing security update KB5070893.
This update, released one day after KB5070881, was specifically designed to address the CVE-2025-59287 vulnerability without impacting hotpatching. To proceed, go to Settings, then Windows Update, and select the Pause updates option. Administrators must then re-enable updates and manually check for available updates to get the correct one.
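To see where a given server stands with respect to the two updates named above, an administrator can run a local triage like the following. This is an added example, not code from Microsoft or from the article; the function name `Get-WsusPatchTriage` and the `-HotpatchEnrolled` switch are hypothetical, and Hotpatch enrollment is supplied by the operator rather than detected.

```powershell
# Added example: local triage for the KB5070881 / KB5070893 situation described above.
# Assumption: the operator states Hotpatch enrollment with -HotpatchEnrolled (not auto-detected).
function Get-WsusPatchTriage {
    [CmdletBinding()]
    param([switch]$HotpatchEnrolled)

    # Get-HotFix reads Win32_QuickFixEngineering; if an update is not listed here,
    # confirm in the update history before concluding it is absent.
    $installed = @(Get-HotFix -Id 'KB5070881', 'KB5070893' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)

    # WSUS role state (Get-WindowsFeature is available on Windows Server only).
    $wsusRole = $false
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $wsusRole = [bool](Get-WindowsFeature -Name UpdateServices).Installed
    }

    # Listeners on the default WSUS ports mentioned in the article.
    $ports = @(Get-NetTCPConnection -State Listen -LocalPort 8530, 8531 -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalPort -Unique)

    $has881 = $installed -contains 'KB5070881'
    $has893 = $installed -contains 'KB5070893'

    $finding = if ($has881 -and $HotpatchEnrolled) {
        'KB5070881 on a Hotpatch-enrolled host: no Hotpatch updates for November and December'
    } elseif ($has881 -or $has893) {
        'An update addressing CVE-2025-59287 is installed'
    } elseif ($wsusRole -and $HotpatchEnrolled) {
        'WSUS role present, neither update found: install KB5070893'
    } elseif ($wsusRole) {
        'WSUS role present, neither update found: apply the emergency update'
    } else {
        'WSUS role not installed and neither update found'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        HotpatchEnrolled = [bool]$HotpatchEnrolled
        WsusRole         = $wsusRole
        ListeningPorts   = $ports -join ','
        InstalledKBs     = $installed -join ','
        Finding          = $finding
    }
}

# Run locally; pass -HotpatchEnrolled on servers registered for Hotpatch updates.
Get-WsusPatchTriage
```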