Microsoft Patch Tuesday October 2025

Published: 2025-10-14. Last Updated: 2025-10-14 17:55:39 UTC
by Johannes Ullrich (Version: 1)

I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft's cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight of the vulnerabilities are rated critical.

This month, Microsoft is discontinuing support for a number of different products:

Windows 10
Office 2016
Exchange Server 2016
Office 2019
Exchange Server 2019

Office and Exchange users are directed towards cloud and subscription offerings. For Office, you still have Office 2024 available if you would rather "own" the product. For Exchange, the Exchange Server Subscription Edition is available as of July.

Windows 10 users will have the option to sign up for "Extended Security Updates" (ESU). It has been offered as a low-cost alternative to retain security updates, and in some countries, it is offered for free.

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
.NET Elevation of Privilege Vulnerability
CVE-2025-55247	No	No	-	-	Important	7.3	6.4
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
CVE-2025-55248	No	No	-	-	Important	4.8	4.2
ASP.NET Security Feature Bypass Vulnerability
CVE-2025-55315	No	No	-	-	Important	9.9	8.6
Configuration Manager Elevation of Privilege Vulnerability
CVE-2025-55320	No	No	-	-	Important	6.7	5.8
CVE-2025-59213	No	No	-	-	Important	8.4	7.3
Copilot Spoofing Vulnerability
CVE-2025-59272	No	No	-	-	Critical	6.5	5.7
CVE-2025-59286	No	No	-	-	Critical	6.5	5.7
Data Sharing Service Spoofing Vulnerability
CVE-2025-59200	No	No	-	-	Important	7.7	6.7
Desktop Windows Manager Elevation of Privilege Vulnerability
CVE-2025-55681	No	No	-	-	Important	7.0	6.1
DirectX Graphics Kernel Denial of Service Vulnerability
CVE-2025-55698	No	No	-	-	Important	7.7	6.7
DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-55678	No	No	-	-	Important	7.0	6.1
Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
CVE-2025-59282	No	No	-	-	Important	7.0	6.1
JDBC Driver for SQL Server Spoofing Vulnerability
CVE-2025-59250	No	No	-	-	Important	8.1	7.1
M365 Copilot Spoofing Vulnerability
CVE-2025-59252	No	No	-	-	Critical	6.5	5.7
MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder
CVE-2025-54957	No	No	-	-	Important	7.0	6.1
MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
CVE-2025-59489	No	No	-	-	Important	8.4	8.4
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-48004	No	No	-	-	Important	7.4	6.4
CVE-2025-59189	No	No	-	-	Important	7.4	6.4
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-58722	No	No	-	-	Important	7.8	6.8
CVE-2025-59254	No	No	-	-	Important	7.8	6.8
Microsoft Defender for Linux Denial of Service Vulnerability
CVE-2025-59497	No	No	-	-	Important	7.0	6.1
Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59235	No	No	-	-	Important	7.1	6.2
CVE-2025-59232	No	No	-	-	Important	7.1	6.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59231	No	No	-	-	Important	7.8	6.8
CVE-2025-59233	No	No	-	-	Important	7.8	6.8
CVE-2025-59236	No	No	-	-	Critical	8.4	7.3
CVE-2025-59243	No	No	-	-	Important	7.8	6.8
CVE-2025-59223	No	No	-	-	Important	7.8	6.8
CVE-2025-59224	No	No	-	-	Important	7.8	6.8
CVE-2025-59225	No	No	-	-	Important	7.8	6.8
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2025-53782	No	No	-	-	Important	8.4	7.3
CVE-2025-59249	No	No	-	-	Important	8.8	7.7
Microsoft Exchange Server Spoofing Vulnerability
CVE-2025-59248	No	No	-	-	Important	7.5	6.5
Microsoft Failover Cluster Information Disclosure Vulnerability
CVE-2025-47979	No	No	-	-	Important	5.5	4.8
CVE-2025-59188	No	No	-	-	Important	5.5	4.8
Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
CVE-2025-59260	No	No	-	-	Important	5.5	4.8
Microsoft Graphics Component Denial of Service Vulnerability
CVE-2025-59195	No	No	-	-	Important	7.0	6.1
Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49708	No	No	-	-	Critical	9.9	8.6
Microsoft Office Denial of Service Vulnerability
CVE-2025-59229	No	No	-	-	Important	5.5	4.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234	No	No	-	-	Critical	7.8	6.8
CVE-2025-59227	No	No	-	-	Critical	7.8	6.8
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-59226	No	No	-	-	Important	7.8	6.8
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-59238	No	No	-	-	Important	7.8	6.8
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2025-59228	No	No	-	-	Important	8.8	7.7
CVE-2025-59237	No	No	-	-	Important	8.8	7.7
Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2025-58739	No	No	-	-	Important	6.5	5.7
CVE-2025-59214	No	No	-	-	Important	6.5	5.7
Microsoft Word Remote Code Execution Vulnerability
CVE-2025-59221	No	No	-	-	Important	7.0	6.1
CVE-2025-59222	No	No	-	-	Important	7.8	6.8
NTLM Hash Disclosure Spoofing Vulnerability
CVE-2025-59185	No	No	-	-	Important	6.5	5.7
CVE-2025-59244	No	No	-	-	Important	6.5	5.7
Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability
CVE-2025-59201	No	No	-	-	Important	7.8	6.8
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability
CVE-2025-55696	No	No	-	-	Important	7.8	6.8
Playwright Spoofing Vulnerability
CVE-2025-59288	No	No	-	-	Moderate	5.3	4.9
PowerShell Elevation of Privilege Vulnerability
CVE-2025-25004	No	No	-	-	Important	7.3	6.4
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-58718	No	No	-	-	Important	8.8	7.7
Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2025-58737	No	No	-	-	Important	7.0	6.1
Remote Procedure Call Denial of Service Vulnerability
CVE-2025-59502	No	No	-	-	Moderate	7.5	6.5
Software Protection Platform (SPP) Elevation of Privilege Vulnerability
CVE-2025-59199	No	No	-	-	Important	7.8	6.8
Storage Spaces Direct Information Disclosure Vulnerability
CVE-2025-59184	No	No	-	-	Important	5.5	4.8
Storport.sys Driver Elevation of Privilege Vulnerability
CVE-2025-59192	No	No	-	-	Important	7.8	6.8
Virtual Secure Mode Spoofing Vulnerability
CVE-2025-48813	No	No	-	-	Important	6.3	5.5
Visual Studio Elevation of Privilege Vulnerability
CVE-2025-55240	No	No	-	-	Important	7.3	6.4
Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability
CVE-2025-59258	No	No	-	-	Important	6.2	5.4
Windows Agere Modem Driver Elevation of Privilege Vulnerability
CVE-2025-24990	No	Yes	-	-	Important	7.8	7.2
CVE-2025-24052	Yes	No	-	-	Important	7.8	7.0
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-59242	No	No	-	-	Important	7.8	6.8
CVE-2025-58714	No	No	-	-	Important	7.8	6.8
Windows Authentication Elevation of Privilege Vulnerability
CVE-2025-55701	No	No	-	-	Important	7.8	6.8
CVE-2025-59277	No	No	-	-	Important	7.8	6.8
CVE-2025-59275	No	No	-	-	Important	7.8	6.8
CVE-2025-59278	No	No	-	-	Important	7.8	6.8
Windows BitLocker Security Feature Bypass Vulnerability
CVE-2025-55333	No	No	-	-	Important	6.1	5.3
CVE-2025-55338	No	No	-	-	Important	6.1	5.3
CVE-2025-55330	No	No	-	-	Important	6.1	5.3
CVE-2025-55332	No	No	-	-	Important	6.1	5.3
CVE-2025-55337	No	No	-	-	Important	6.1	5.3
CVE-2025-55682	No	No	-	-	Important	6.1	5.3
Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2025-58728	No	No	-	-	Important	7.8	6.8
CVE-2025-59290	No	No	-	-	Important	7.8	6.8
CVE-2025-59289	No	No	-	-	Important	7.0	6.1
Windows COM+ Event System Service Elevation of Privilege Vulnerability
CVE-2025-58725	No	No	-	-	Important	7.0	6.1
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-55680	No	No	-	-	Important	7.8	6.8
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVE-2025-55336	No	No	-	-	Important	5.5	4.8
Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability
CVE-2025-55326	No	No	-	-	Important	7.5	6.5
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-58719	No	No	-	-	Important	4.7	4.1
CVE-2025-58727	No	No	-	-	Important	7.0	6.1
CVE-2025-59191	No	No	-	-	Important	7.8	6.8
Windows Cryptographic Services Information Disclosure Vulnerability
CVE-2025-58720	No	No	-	-	Important	7.8	6.8
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-59255	No	No	-	-	Important	7.8	6.8
Windows Device Association Broker Service Elevation of Privilege Vulnerability
CVE-2025-50174	No	No	-	-	Important	7.0	6.1
CVE-2025-55677	No	No	-	-	Important	7.8	6.8
Windows Digital Media Elevation of Privilege Vulnerability
CVE-2025-53150	No	No	-	-	Important	7.8	6.8
CVE-2025-50175	No	No	-	-	Important	7.8	6.8
Windows ETL Channel Information Disclosure Vulnerability
CVE-2025-59197	No	No	-	-	Important	5.5	4.8
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2025-55692	No	No	-	-	Important	7.8	6.8
CVE-2025-55694	No	No	-	-	Important	7.8	6.8
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-59205	No	No	-	-	Important	7.0	6.1
CVE-2025-59261	No	No	-	-	Important	7.0	6.1
Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
CVE-2025-59241	No	No	-	-	Important	7.8	6.8
Windows Hello Security Feature Bypass Vulnerability
CVE-2025-53139	No	No	-	-	Important	7.7	6.7
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-55328	No	No	-	-	Important	7.8	6.8
Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-59207	No	No	-	-	Important	7.8	6.8
CVE-2025-50152	No	No	-	-	Important	7.8	6.8
CVE-2025-55693	No	No	-	-	Important	7.4	6.4
CVE-2025-59187	No	No	-	-	Important	7.8	6.8
CVE-2025-59194	No	No	-	-	Important	7.0	6.1
Windows Kernel Information Disclosure Vulnerability
CVE-2025-59186	No	No	-	-	Important	5.5	4.8
CVE-2025-55679	No	No	-	-	Important	5.1	4.5
CVE-2025-55683	No	No	-	-	Important	5.5	4.8
CVE-2025-55699	No	No	-	-	Important	5.5	4.8
Windows Kernel Security Feature Bypass Vulnerability
CVE-2025-55334	No	No	-	-	Important	6.2	5.4
Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2025-59257	No	No	-	-	Important	6.5	5.7
CVE-2025-59259	No	No	-	-	Important	6.5	5.7
CVE-2025-58729	No	No	-	-	Important	6.5	5.7
Windows Management Services Elevation of Privilege Vulnerability
CVE-2025-59193	No	No	-	-	Important	7.0	6.1
Windows Management Services Information Disclosure Vulnerability
CVE-2025-59204	No	No	-	-	Important	5.5	4.8
Windows MapUrlToZone Information Disclosure Vulnerability
CVE-2025-59208	No	No	-	-	Important	7.1	6.2
Windows NTFS Elevation of Privilege Vulnerability
CVE-2025-55335	No	No	-	-	Important	7.4	6.4
Windows NTLM Spoofing Vulnerability
CVE-2025-59284	No	No	-	-	Important	3.3	2.9
Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability
CVE-2025-55339	No	No	-	-	Important	7.8	6.8
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2025-55685	No	No	-	-	Important	7.0	6.1
CVE-2025-55686	No	No	-	-	Important	7.0	6.1
CVE-2025-55689	No	No	-	-	Important	7.0	6.1
CVE-2025-55331	No	No	-	-	Important	7.0	6.1
CVE-2025-55684	No	No	-	-	Important	7.0	6.1
CVE-2025-55688	No	No	-	-	Important	7.0	6.1
CVE-2025-55690	No	No	-	-	Important	7.0	6.1
CVE-2025-55691	No	No	-	-	Important	7.0	6.1
Windows Push Notification Information Disclosure Vulnerability
CVE-2025-59211	No	No	-	-	Important	5.5	4.8
CVE-2025-59209	No	No	-	-	Important	5.5	4.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-59230	No	Yes	-	-	Important	7.8	7.2
Windows Remote Desktop Protocol Security Feature Bypass
CVE-2025-55340	No	No	-	-	Important	7.0	6.1
Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-59202	No	No	-	-	Important	7.0	6.1
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59206	No	No	-	-	Important	7.4	6.4
CVE-2025-59210	No	No	-	-	Important	7.4	6.4
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2025-55687	No	No	-	-	Important	7.4	6.4
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-55700	No	No	-	-	Important	6.5	5.7
CVE-2025-58717	No	No	-	-	Important	6.5	5.7
Windows SMB Client Tampering Vulnerability
CVE-2025-59280	No	No	-	-	Important	3.1	2.7
Windows SMB Server Elevation of Privilege Vulnerability
CVE-2025-58726	No	No	-	-	Important	7.5	6.5
Windows Search Service Denial of Service Vulnerability
CVE-2025-59190	No	No	-	-	Important	5.5	4.8
CVE-2025-59198	No	No	-	-	Important	5.0	4.4
CVE-2025-59253	No	No	-	-	Important	5.5	4.8
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
CVE-2025-59287	No	No	-	-	Critical	9.8	8.5
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2025-59196	No	No	-	-	Important	7.0	6.1
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2025-58715	No	No	-	-	Important	8.8	7.7
CVE-2025-58716	No	No	-	-	Important	8.8	7.7
Windows State Repository API Server File Information Disclosure Vulnerability
CVE-2025-59203	No	No	-	-	Important	5.5	4.8
Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-55325	No	No	-	-	Important	5.5	4.8
Windows Taskbar Live Preview Information Disclosure Vulnerability
CVE-2025-59294	No	No	-	-	Important	2.1	1.9
Windows URL Parsing Remote Code Execution Vulnerability
CVE-2025-59295	No	No	-	-	Important	8.8	7.7
Windows USB Video Class System Driver Information Disclosure Vulnerability
CVE-2025-55676	No	No	-	-	Important	5.5	4.8
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
CVE-2025-53717	No	No	-	-	Important	7.0	6.1
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
CVE-2025-55695	No	No	-	-	Important	5.5	4.8
Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2025-59281	No	No	-	-	Important	7.8	6.8
Xbox IStorageService Elevation of Privilege Vulnerability
CVE-2025-53768	No	No	-	-	Important	7.8	6.8

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: microsoft patch tuesday

0 comment(s)

Internet Storm Center

Microsoft Patch Tuesday October 2025

Comments