Microsoft issues security update addressing critical vulnerability impacting Windows server services 

Oct 30, 2025 - 04:41 PM
oig-fda-cybersecurity

Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update Services that was not fully eradicated by a previous update, according to the Cybersecurity and Infrastructure Security Agency. CISA urged organizations to implement all actions in Microsoft’s guidance to mitigate the risk of cyberthreat actors obtaining remote access with system privileges.  

“Remote code execution vulnerabilities give an attacker the ability to take control of a victim’s system completely,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This is a serious issue that needs immediate attention for hospitals using the WSUS system.” 

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
ASPR releases cybersecurity module to conduct risk assessments 
The Administration for Strategic Preparedness and Response has released a new cybersecurity module for organizations to conduct risk assessments. The free…
Perspective
Staying Cyber Alert and Cyber Ready
Public
As the world has learned in recent years, today’s conflicts are fought with many weapons, and cyber warfare is an integral part of the arsenal.As of this…
Headline
FBI reminds of potentially malicious activity by Iranian cyber actors
The FBI is reminding critical infrastructure organizations to implement mitigations from a June 2025 fact sheet on potential actions by Iranian-affiliated…
Headline
CISA report updates findings on RESURGE malware attacks
The Cybersecurity and Infrastructure Security Agency Feb. 26 released a report that updates findings from last year on RESURGE malware used to gain covert…
Headline
Agencies issue guidance on exploitation of Cisco systems by cyber actors 
U.S. and international agencies Feb. 25 released guidance on protecting Cisco Software-defined Wide-area Networking systems from exploitation by malicious…
Headline
NSA issues guidelines on zero trust architecture
The National Security Agency has released two phases of its Zero Trust Implementation Guidelines for organizations to improve their zero trust architecture.…