Attackers bypass patch in deprecated Windows Server update tool | CyberScoop<\/title> <meta name=\"description\" content=\"Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-windows-server-update-services-vulnerability-exploited-attacks\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Attackers bypass patch in deprecated Windows Server update tool\"> <meta property=\"og:description\" content=\"Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-windows-server-update-services-vulnerability-exploited-attacks\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-10-27T20:03:21+00:00\"> <meta property=\"article:modified_time\" content=\"2025-10-27T20:03:24+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1759256725g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1761070183g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86500\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86500\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-windows-server-update-services-vulnerability-exploited-attacks%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-windows-server-update-services-vulnerability-exploited-attacks%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86500 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-windows-server-update-services-vulnerability-exploited-attacks\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.968539325843\">\n<div class=\"single-article__header-content\" readability=\"35.4275\">\n<p> Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/86500\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-2.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (Photo by John Smith\/VIEWpress\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"45.132869190037\"><body readability=\"94.159177285938\"><\/p>\n<p>Attackers are actively exploiting a critical vulnerability in Windows Server Update Services, bypassing a patch Microsoft issued earlier this month that failed to mitigate the issue affecting software versions dating back to 2012. <\/p>\n<p>Microsoft released an emergency, out-of-band security update for <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59287\">CVE-2025-59287<\/a> on Thursday. Multiple research firms detected in-the-wild exploitation by Friday, yet Microsoft has yet to confirm exploitation occurred as of this article\u2019s publication.<\/p>\n<p>The reinvigorated risk posed by a previously disclosed and addressed vulnerability underscores how quickly defenders and attackers amass resources in tight windows. Researchers observed proof-of-concept exploits and active exploitation within hours of Microsoft\u2019s emergency patch release.<\/p>\n<p>This vulnerability shows how simple and trivial exploitation is once an attack script is publicly available, John Hammond, principal security researcher at Huntress, told CyberScoop. \u201cIt\u2019s always an attack of opportunity \u2014 just kind of spray-and-pray, and see whatever access a criminal can get their hands on.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Cybersecurity and Infrastructure Security Agency added the remote-code execution defect to its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\">known exploited vulnerabilities catalog<\/a> Friday and issued an <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2025\/10\/24\/microsoft-releases-out-band-security-update-mitigate-windows-server-update-service-vulnerability-cve\">alert urging organizations to apply the patch<\/a> and follow <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2025-59287\">Microsoft\u2019s mitigation guidance<\/a>. <\/p>\n<p>\u201cWe re-released this CVE after identifying that the initial update did not fully mitigate the issue. Customers who have installed the latest updates are already protected,\u201d a Microsoft spokesperson said in a statement. The vendor did not say when nor how it determined the previous patch could be bypassed.<\/p>\n<p>The number of organizations already impacted or potentially exposed to attacks remains under investigation, but Shadowserver said it found more than 2,800 instances of Windows Server Update Services with ports 8530 and 8531 exposed to the internet \u2014 a requirement for exploitation. About 28% of those exposed instances were based in the United States as of Friday.<\/p>\n<p>\u201cExploitation of this flaw is indiscriminate. If an unpatched Windows Server Update Services instance is online, at this stage it has likely already been compromised,\u201d Ben Harris, founder and CEO at watchTowr, said in an email. \u201cThis isn\u2019t limited to low-risk environments \u2014 some of the affected entities are exactly the types of targets attackers prioritize.\u201d<\/p>\n<p>Huntress has observed five active attacks linked to CVE-2025-59287. Hammond said Huntress has only observed the beginning stages of exploitation, including a network administrator command to get a lay of the land, enumerate the environment and exfiltrate that information to an outside location. \u201cThere has not been any more malicious impact from that,\u201d he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Windows Server Update Services runs one of the highest privileges in a Windows server environment, so attackers that exploit CVE-2025-59287 \u201cowned that machine that is fully compromised,\u201d Hammond said. <\/p>\n<p>The risk of compromise could extend to \u201csome potential supply-chain shenanigans just opening the door with this opportunity,\u201d he added. Attackers could push downstream updates to other connected hosts or computers that are waiting to receive new configurations or changes from that central server, according to Hammond.<\/p>\n<p>Palo Alto Networks\u2019 Unit 42 incident response team concurred with that assessment. \u201cBy compromising this single server, an attacker can take over the entire patch distribution system,\u201d Justin Moore, senior manager of threat intel research at Unit 42, said in an email. <\/p>\n<p>\u201cWith no authentication, they can gain system-level control and execute a devastating internal supply chain attack,\u201d Moore added. \u201cThey can push malware to every workstation and server in the organization, all disguised as a legitimate Microsoft update. This turns the trusted service into a weapon of mass distribution.\u201d<\/p>\n<p>Microsoft and researchers tracking the vulnerability consistently noted that Windows Server Update Services should never be publicly exposed to the internet. Attackers can\u2019t exploit the unauthenticated vulnerability in Windows Server Update Services instances that block inbound traffic from the public internet.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft deprecated Windows Server Update Services in September, noting that it continues to support the software update distribution tool but it is no longer actively developed or slated for new features.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.8944\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/10\/attackers-bypass-patch-in-deprecated-windows-server-update-tool-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-windows-server-update-services-vulnerability-exploited-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers bypass patch in deprecated Windows Server update tool |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,452,5313,1766,625,715,2880,288,183,2281,703,2390,5199,212],"tags":[86,454,5314,1771,630,720,2882,294,207,2283,705,2394,5200,214],"class_list":["post-8111","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-huntress","category-known-exploited-vulnerabilities-kev","category-microsoft","category-palo-alto-networks","category-shadowserver","category-threats","category-unit-42","category-vulnerability","category-vulnerability-disclosure","category-vulnerability-management","category-watchtowr","category-windows","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-huntress","tag-known-exploited-vulnerabilities-kev","tag-microsoft","tag-palo-alto-networks","tag-shadowserver","tag-threats","tag-unit-42","tag-vulnerability","tag-vulnerability-disclosure","tag-vulnerability-management","tag-watchtowr","tag-windows"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/huntress\/\" rel=\"category tag\">Huntress<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shadowserver\/\" rel=\"category tag\">Shadowserver<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-management\/\" rel=\"category tag\">Vulnerability Management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr\/\" rel=\"category tag\">watchTowr<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/windows\/\" rel=\"category tag\">Windows<\/a>","tag_info":"Windows","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8111"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8111\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8111,"date":"2025-10-27T15:03:21","date_gmt":"2025-10-27T20:03:21","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86500"},"modified":"2025-10-27T15:03:21","modified_gmt":"2025-10-27T20:03:21","slug":"attackers-bypass-patch-in-deprecated-windows-server-update-tool","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/10\/27\/attackers-bypass-patch-in-deprecated-windows-server-update-tool\/","title":{"rendered":"Attackers bypass patch in deprecated Windows Server update tool"},"content":{"rendered":"