Microsoft Monthly Security Update – 15 October 2025

In Cyber Security by Matsco Engineering Team

 

Microsoft has released a security advisory on the 15th of October 2025 in line with their regular monthly patch schedule which includes a number of updates to address vulnerabilities in eight (8) medium risk and two (2) low risk products. 

These updates address vulnerabilities which may impact services through Remote Code Execution, Denial of Service, Data Manipulation, Information Disclosure, Security Restriction Bypass, Elevation of Privilege, and Spoofing. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • .NET
  • .NET, .NET Framework, Visual Studio
  • Active Directory Federation Services
  • Agere Windows Modem Driver
  • ASP.NET Core
  • Azure Connected Machine Agent
  • Azure Entra ID
  • Azure Local
  • Azure Monitor
  • Azure Monitor Agent
  • Azure PlayFab
  • Confidential Azure Container Instances
  • Connected Devices Platform Service (Cdpsvc)
  • Copilot
  • Data Sharing Service Client
  • GitHub
  • Inbox COM Objects
  • Internet Explorer
  • JDBC Driver for SQL Server
  • Microsoft Brokering File System
  • Microsoft Configuration Manager
  • Microsoft Defender for Linux
  • Microsoft Exchange Server
  • Microsoft Failover Cluster Virtual Driver
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft Office Visio
  • Microsoft Office Word
  • Microsoft PowerShell
  • Microsoft Windows
  • Microsoft Windows Search Component
  • Microsoft Windows Speech
  • Network Connection Status Indicator (NCSI)
  • NtQueryInformation Token function (ntifs.h)
  • Redis Enterprise
  • Remote Desktop Client
  • Software Protection Platform (SPP)
  • Storport.sys Driver
  • Virtual Secure Mode
  • Visual Studio
  • Windows Ancillary Function Driver for WinSock
  • Windows Authentication Methods
  • Windows BitLocker
  • Windows Bluetooth Service
  • Windows Cloud Files Mini Filter Driver
  • Windows COM
  • Windows Connected Devices Platform Service
  • Windows Core Shell
  • Windows Cryptographic Services
  • Windows Device Association Broker service
  • Windows Digital Media
  • Windows DirectX
  • Windows DWM
  • Windows DWM Core Library
  • Windows Error Reporting
  • Windows ETL Channel
  • Windows Failover Cluster
  • Windows File Explorer
  • Windows Health and Optimized Experiences Service
  • Windows Hello
  • Windows High Availability Services
  • Windows Hyper-V
  • Windows Kernel
  • Windows Local Session Manager (LSM)
  • Windows Management Services
  • Windows MapUrlToZone
  • Windows NDIS
  • Windows NTFS
  • Windows NTLM
  • Windows PrintWorkflowUserSvc
  • Windows Push Notification Core
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop
  • Windows Remote Desktop Protocol
  • Windows Remote Desktop Services
  • Windows Remote Procedure Call
  • Windows Resilient File System (ReFS)
  • Windows Resilient File System (ReFS) Deduplication Service
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Server Update Service
  • Windows SMB Client
  • Windows SMB Server
  • Windows SSDP Service
  • Windows StateRepository API
  • Windows Storage Management Provider
  • Windows Taskbar Live
  • Windows USB Video Driver
  • Windows Virtualization-Based Security (VBS) Enclave
  • Windows WLAN Auto Config Service
  • Xbox
  • XBox Gaming Services

 

CVE-2025-59230 is being exploited in the wild and improper access controls in Windows Remote Access Connection Manager allows an authorised attacker to elevate privileges locally.

CVE-2025-24990 is being exploited in the wild and Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. The driver has been removed in the October cumulative update.

Proof of Concept exploit code is publicly available for CVE-2025-24052 

CVE-2025-47827 is being exploited in the wild and in IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature.

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post