Cybersecurity News: October Security Briefing
Nov 06, 2025
If October felt busy, it wasn’t your imagination. Microsoft pushed an out-of-band WSUS fix after exploitation appeared in the wild, an extortion wave invoked Oracle E-Business Suite with more smoke than confirmed fire, and the UK ICO reminded everyone that third-party risk is not theoretical with a £14m fine for Capita. Below is a quick summary of each story, followed by deeper dives, technical context, and action checklists you can put to work today.
At-a-Glance Summaries
- Microsoft WSUS Out-of-Band Patch: Emergency update for a critical WSUS flaw following proof of concept and active exploitation. Patch now and validate your update chain.
- Clop’s Oracle E-Business Suite Extortion Emails: Mass emails claim EBS data theft; links to FIN11-style operations reported, but confirmations of successful theft remain limited. Treat as security incidents until proven otherwise and verify July 2025 CPU coverage.
- UK ICO Fines Capita £14m: Penalty tied to a 2023 breach affecting 6.6 million people. Regulators are signaling that weak supplier controls and slow containment carry real costs.
Microsoft WSUS Out-of-Band Patch: What to Do Now
Executive summary.
Microsoft shipped an emergency fix in late October for a critical Windows Server Update Services flaw after proof of concept and active exploitation emerged. Admins should patch immediately and validate downstream update chains.
What happened.
In the wake of October Patch Tuesday, Microsoft issued an out-of-band update addressing a critical WSUS issue linked to remote code execution and broad attack paths. Third-party reporting confirmed exploitation in the wild and rapid PoC circulation.
Technical detail.
Indicators point to unauthenticated RCE paths via WSUS handling. Admin guidance stresses installing the latest cumulative update for supported Windows Server releases and rebooting. Where WSUS is not required, temporarily disable or restrict inbound reachability while maintenance windows are arranged.
Compliance angle.
Change and vulnerability management expectations under FTC Safeguards, HIPAA Security Rule, and NIS2 require timely remediation of actively exploited flaws. Maintain evidence of deployment, testing, and rollback plans.
Remediation checklist.
- Patch WSUS on all supported Windows Server editions and reboot
- Validate client update sync, catalog integrity, and downstream servers
- Restrict WSUS exposure to management networks and enforce TLS
- Add detections for suspicious WSUS admin activity and package tampering
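As an added example (not from the briefing, Microsoft, or any vendor), a PowerShell audit that checks the first three checklist items on a WSUS host: patch presence, pending reboot, plain-HTTP exposure, and firewall scoping. It assumes an elevated session on the WSUS server itself; the KB identifier and the management subnet are placeholders you must replace, since the briefing does not list them.

```powershell
# Added audit script (hypothetical); run elevated on the WSUS host.
$ExpectedKb  = 'KB<out-of-band-id>'   # placeholder: the KB id of the emergency fix
$MgmtSubnets = @('10.10.0.0/16')      # constructed: your management-only ranges

$findings = New-Object System.Collections.Generic.List[string]

# 1. Only hosts carrying the WSUS role are in scope for this fix.
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) { Write-Output 'WSUS role not installed; host out of scope'; return }

# 2. Patch state: confirm the cumulative update carrying the fix is present.
if (-not (Get-HotFix -Id $ExpectedKb -ErrorAction SilentlyContinue)) {
    $findings.Add("Update $ExpectedKb not installed")
}

# 3. Pending reboot: the update is not effective until the server restarts.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) { $findings.Add('Reboot pending; installed update not yet active') }

# 4. Exposure: WSUS listens on 8530 (HTTP) and 8531 (HTTPS) by default.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -in 8530, 8531 }
if ($listeners | Where-Object LocalPort -eq 8530) {
    $findings.Add('Plain-HTTP WSUS listener on 8530 is open; move clients to 8531/TLS')
}

# 5. Firewall scoping: inbound rules for the WSUS ports should not allow RemoteAddress "Any".
$rules = Get-NetFirewallPortFilter |
    Where-Object { @($_.LocalPort) -match '^853[01]$' } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
foreach ($r in $rules) {
    $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings.Add("Rule '$($r.DisplayName)' allows WSUS inbound from Any; scope to $($MgmtSubnets -join ', ')")
    }
}

# Report: an empty list means the host passed every check above.
if ($findings.Count -eq 0) { Write-Output 'No findings' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
```

The script reports state only; it changes nothing, so it is safe to run during business hours and its output can be attached to the change record the compliance section asks for.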
Clop’s Oracle E-Business Suite Extortion Emails: Signal vs Noise
Executive summary.
A high-volume extortion wave hit executives claiming Oracle EBS data theft. Mandiant notes links to FIN11-style operations, but confirmations of actual theft are limited. Oracle points to July CPU patches as relevant.
What happened.
Beginning late September, extortionists emailed leaders at many firms asserting EBS breaches and demanding payment. Reporting captured samples and statements from Mandiant and Oracle.
Technical detail.
The campaign leveraged compromised sender accounts and referenced Oracle EBS. Oracle’s CSO indicated likely abuse of vulnerabilities patched in the July 2025 Critical Patch Update.
Compliance angle.
Incident classification matters. Without confirmed access, treat these as security incidents, not breaches, until investigation. Maintain logs, analyze EBS access, and prepare regulator-ready timelines if evidence of compromise emerges.
Remediation checklist.
- Confirm July 2025 CPU or later is applied across EBS tiers
- Review EBS audit logs for mass export or unusual user behavior
- Run targeted compromise assessment on EBS hosts and databases
- Stage communications for exec-level extortion attempts
UK ICO Fines Capita £14m: Third-Party Risk Has Teeth
Executive summary.
The ICO fined Capita £14m over a 2023 attack that exposed data for 6.6 million people. The message is clear. Weak supplier controls and slow containment can be expensive.
What happened.
On 2025-10-21, the ICO announced a combined £14m penalty against Capita entities for security failures tied to the 2023 incident.
Technical detail.
The investigation cited inadequate controls and long containment windows. Exposed data included special category information.
Compliance angle.
Under UK GDPR and, for certain entities, NIS2, regulators are evaluating supply-chain security evidence and incident response speed with increasing rigor.
Remediation checklist.
- Re-assess data processor contracts and ongoing monitoring
- Tighten privileged access and logging for managed service connections
- Drill tabletop exercises with third-party outage and breach scenarios
- Ensure timely breach notification decisioning and evidence capture
Closing Thought
Patch with urgency, triage extortion with discipline, and pressure-test third-party controls before regulators do it for you. If you want help prioritizing the next two weeks of work, we can map these actions to your environment and produce evidence artifacts your auditors will actually appreciate.