Microsoft has released its monthly security updates for its products:

| Vulnerable Product | Risk Level | Impacts | Notes |
|---|---|---|---|
| Azure | Medium Risk | Elevation of Privilege, Remote Code Execution, Spoofing | |
| Windows | Extremely High Risk | Elevation of Privilege, Information Disclosure, Security Restriction Bypass, Remote Code Execution, Spoofing, Denial of Service, Data Manipulation | CVE-2025-59230 is being exploited in the wild. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.<br><br>CVE-2025-24990 is being exploited in the wild. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.<br><br>Proof of Concept exploit code is publicly available for CVE-2025-24052. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.<br><br>CVE-2025-59287 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.<br><br>CVE-2025-47827 is being exploited in the wild. In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.<br><br>CVE-2025-33073 is being exploited in the wild. Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. |
| Server Software | Medium Risk | Elevation of Privilege, Spoofing | |
| Developer Tools | Medium Risk | Elevation of Privilege, Information Disclosure, Security Restriction Bypass | |
| Extended Security Updates (ESU) | Extremely High Risk | Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing, Denial of Service, Data Manipulation, Security Restriction Bypass | CVE-2025-59230 is being exploited in the wild. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.<br><br>CVE-2025-24990 is being exploited in the wild. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.<br><br>Proof of Concept exploit code is publicly available for CVE-2025-24052. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.<br><br>CVE-2025-59287 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.<br><br>CVE-2025-47827 is being exploited in the wild. In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. |
| System Center | Medium Risk | Elevation of Privilege, Denial of Service | |
| Microsoft Office | Medium Risk | Remote Code Execution, Information Disclosure, Denial of Service | |
| SQL Server | Low Risk | Spoofing | |
| Apps | Medium Risk | Elevation of Privilege, Spoofing | |
| Open Source Software | Low Risk | Spoofing | |

Number of ‘Extremely High Risk’ product(s): 2
Number of ‘High Risk’ product(s): 0
Number of ‘Medium Risk’ product(s): 6
Number of ‘Low Risk’ product(s): 2
Evaluation of overall ‘Risk Level’: Extremely High Risk
[Updated on 2025-10-21]
Updated Description.
[Updated on 2025-10-24]
Updated Description, Risk Level, Solutions and Related Links. Proof of Concept exploit code is publicly available for CVE-2025-59287. Hence, the risk level is raised from Medium Risk to High Risk.
[Updated on 2025-10-27]
Updated Description, Risk Level and Related Links. CVE-2025-59287 is being exploited in the wild. Hence, the risk level is raised from High Risk to Extremely High Risk.