The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), in coordination with international partners, have issued critical guidance to organisations running on-premises or hybrid instances of Microsoft Exchange Server and Windows Server Update Services (WSUS) following active exploitation of a severe flaw.

The guidance emphasises enforcing zero-trust principles, restricting administrative access, enforcing multifactor authentication, hardening transport and authentication protocols (TLS, HSTS, Kerberos, SMB), decommissioning outdated Exchange servers, and maintaining rigorous patching and security baselines.
Specifically, CISA updated its alert to include CVE-2025-59287, a newly patched remote code execution vulnerability in WSUS, and flagged several incident cases where attackers used SYSTEM-level processes and Base64-encoded PowerShell commands to compromise systems.
For organisations, this serves as a clear reminder that foundational infrastructure components (update services, messaging servers) remain prime targets and that rigorous hardening and monitoring are non-negotiable.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543