Microsoft Ekim 2025 Patch Tuesday: 6 Zero-Day, 172 Zafiyet Kapatıldı

Microsoft bu ay yayınladığı Patch Tuesday güncellemeleri ile 6 adet zero-day güvenlik açığı ve toplam 172 zafiyeti kapattı.

Kapatılan zafiyetler aşağıdaki gibi:

• 80 Elevation of Privilege Vulnerabilities
• 11 Security Feature Bypass Vulnerabilities
• 31 Remote Code Execution Vulnerabilities
• 28 Information Disclosure Vulnerabilities
• 11 Denial of Service Vulnerabilities
• 10 Spoofing Vulnerabilities

6 Adet Zero-Day Kapatıldı

CVE-2025-24990 – Windows Agere Modem Driver Elevation of Privilege Vulnerability

CVE-2025-59230 – Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2025-47827 – MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11

CVE-2025-0033 – AMD CVE-2025-0033: RMP Corruption During SNP Initialization

CVE-2025-24052 – Windows Agere Modem Driver Elevation of Privilege Vulnerability

CVE-2025-2884 – Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

Ekim 2025 Patch Tuesday Güvenlik Güncellemelerinin Tam Listesi

TagCVE IDCVE TitleSeverity.NETCVE-2025-55247.NET Elevation of Privilege VulnerabilityImportant.NET, .NET Framework, Visual StudioCVE-2025-55248.NET, .NET Framework, and Visual Studio Information Disclosure VulnerabilityImportantActive Directory Federation ServicesCVE-2025-59258Windows Active Directory Federation Services (ADFS) Information Disclosure VulnerabilityImportantAgere Windows Modem DriverCVE-2025-24990Windows Agere Modem Driver Elevation of Privilege VulnerabilityImportantAgere Windows Modem DriverCVE-2025-24052Windows Agere Modem Driver Elevation of Privilege VulnerabilityImportantAMD Restricted Memory PageCVE-2025-0033AMD CVE-2025-0033: RMP Corruption During SNP InitializationCriticalASP.NET CoreCVE-2025-55315ASP.NET Security Feature Bypass VulnerabilityImportantAzure Connected Machine AgentCVE-2025-47989Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportantAzure Connected Machine AgentCVE-2025-58724Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportantAzure Entra IDCVE-2025-59218Azure Entra ID Elevation of Privilege VulnerabilityCriticalAzure Entra IDCVE-2025-59246Azure Entra ID Elevation of Privilege VulnerabilityCriticalAzure LocalCVE-2025-55697Azure Local Elevation of Privilege VulnerabilityImportantAzure MonitorCVE-2025-55321Azure Monitor Log Analytics Spoofing VulnerabilityCriticalAzure Monitor AgentCVE-2025-59285Azure Monitor Agent Elevation of Privilege VulnerabilityImportantAzure Monitor AgentCVE-2025-59494Azure Monitor Agent Elevation of Privilege VulnerabilityImportantAzure PlayFabCVE-2025-59247Azure PlayFab Elevation of Privilege VulnerabilityCriticalConfidential Azure Container InstancesCVE-2025-59292Azure Compute Gallery Elevation of Privilege VulnerabilityCriticalConfidential Azure Container InstancesCVE-2025-59291Confidential Azure Container Instances Elevation of Privilege VulnerabilityCriticalConnected Devices Platform Service (Cdpsvc)CVE-2025-59191Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportantConnected Devices Platform Service (Cdpsvc)CVE-2025-55326Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution VulnerabilityImportantConnected Devices Platform Service (Cdpsvc)CVE-2025-58719Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportantCopilotCVE-2025-59272Copilot Spoofing VulnerabilityCriticalCopilotCVE-2025-59252M365 Copilot Spoofing VulnerabilityCriticalCopilotCVE-2025-59286Copilot Spoofing VulnerabilityCriticalData Sharing Service ClientCVE-2025-59200Data Sharing Service Spoofing VulnerabilityImportantGamesCVE-2025-59489MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerabilityImportantGitHubCVE-2025-59288Playwright Spoofing VulnerabilityModerateInbox COM ObjectsCVE-2025-58735Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58732Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-59282Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58733Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58734Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58738Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58731Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58730Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInbox COM ObjectsCVE-2025-58736Inbox COM Objects (Global Memory) Remote Code Execution VulnerabilityImportantInternet ExplorerCVE-2025-59295Windows URL Parsing Remote Code Execution VulnerabilityImportantJDBC Driver for SQL ServerCVE-2025-59250JDBC Driver for SQL Server Spoofing VulnerabilityImportantMarinerCVE-2025-39943ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transferCriticalMarinerCVE-2025-39946tls: make sure to abort the stream if headers are bogusModerateMarinerCVE-2025-39942ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_sizeModerateMarinerCVE-2025-39951um: virtio_uml: Fix use-after-free after put_device in probeModerateMarinerCVE-2025-39932smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)ModerateMarinerCVE-2025-39949qed: Don’t collect too many protection override GRC elementsModerateMarinerCVE-2025-39937net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointerModerateMarinerCVE-2025-39955tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().ModerateMarinerCVE-2025-39895sched: Fix sched_numa_find_nth_cpu() if mask offlineModerateMarinerCVE-2025-11413GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-boundsModerateMarinerCVE-2025-11414GNU Binutils Linker elflink.c get_link_hash_entry out-of-boundsModerateMarinerCVE-2025-39938ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failedModerateMarinerCVE-2025-11495GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflowModerateMarinerCVE-2025-39934drm: bridge: anx7625: Fix NULL pointer dereference with early IRQModerateMarinerCVE-2025-39929smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error pathModerateMarinerCVE-2025-39945cnic: Fix use-after-free bugs in cnic_delete_taskImportantMarinerCVE-2025-39907mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC bufferCriticalMarinerCVE-2025-39913tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.ModerateMarinerCVE-2025-39952wifi: wilc1000: avoid buffer overflow in WID string configurationImportantMarinerCVE-2025-39940dm-stripe: fix a possible integer overflowModerateMarinerCVE-2025-39953cgroup: split cgroup_destroy_wq into 3 workqueuesModerateMarinerCVE-2023-53469af_unix: Fix null-ptr-deref in unix_stream_sendpage().ImportantMarinerCVE-2025-39914tracing: Silence warning when chunk allocation fails in trace_pid_writeModerateMarinerCVE-2025-39905net: phylink: add lock for serializing concurrent pl->phydev writes with resolverModerateMarinerCVE-2025-39920pcmcia: Add error handling for add_interval() in do_validate_mem()ModerateMarinerCVE-2025-39911i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error pathLowMarinerCVE-2025-39958iommu/s390: Make attach succeed when the device was surprise removedLowMarinerCVE-2025-8291ZIP64 End of Central Directory (EOCD) Locator record offset not checkedModerateMarinerCVE-2025-39957wifi: mac80211: increase scan_ies_len for S1GLowMarinerCVE-2025-46818Redis: Authenticated users can execute LUA scripts as a different userModerateMarinerCVE-2025-46817Lua library commands may lead to integer overflow and potential RCEImportantMarinerCVE-2022-50502mm: /proc/pid/smaps_rollup: fix no vma’s null-derefModerateMarinerCVE-2025-39944octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()ImportantMarinerCVE-2025-11234Qemu-kvm: vnc websocket handshake use-after-freeModerateMarinerCVE-2025-49844Redis Lua Use-After-Free may lead to remote code executionCriticalMarinerCVE-2025-10729Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVGImportantMarinerCVE-2025-39961iommu/amd/pgtbl: Fix possible race while increase page table levelModerateMarinerCVE-2025-61984ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)LowMarinerCVE-2025-46819Redis is vulnerable to DoS via specially crafted LUA scriptsModerateMarinerCVE-2025-37727Elasticsearch Insertion of sensitive information in log fileModerateMarinerCVE-2025-11412GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-boundsModerateMarinerCVE-2025-39931crypto: af_alg – Set merge to zero early in af_alg_sendmsgModerateMarinerCVE-2025-39933smb: client: let recv_done verify data_offset, data_length and remaining_data_lengthModerateMarinerCVE-2025-39947net/mlx5e: Harden uplink netdev access against device unbindModerateMarinerCVE-2025-61985ssh in OpenSSH before 10.1 allows the ‘’ character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.LowMarinerCVE-2025-10728Uncontrolled recursion in Qt SVG moduleImportantMarinerCVE-2025-39916mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()ModerateMarinerCVE-2025-39902mm/slub: avoid accessing metadata when pointer is invalid in object_err()ModerateMarinerCVE-2025-39923dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/eesModerateMarinerCVE-2025-39898e1000e: fix heap overflow in e1000_set_eepromCriticalMarinerCVE-2025-39925can: j1939: implement NETDEV_UNREGISTER notification handlerCriticalMarinerCVE-2025-39891wifi: mwifiex: Initialize the chan_stats array to zeroModerateMarinerCVE-2025-39927ceph: fix race condition validating r_parent before applying stateModerateMarinerCVE-2025-39901i40e: remove read access to debugfs filesImportantMarinerCVE-2025-39910mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc()CriticalMarinerCVE-2025-39909mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()ModerateMicrosoft Brokering File SystemCVE-2025-48004Microsoft Brokering File System Elevation of Privilege VulnerabilityImportantMicrosoft Brokering File SystemCVE-2025-59189Microsoft Brokering File System Elevation of Privilege VulnerabilityImportantMicrosoft Configuration ManagerCVE-2025-55320Configuration Manager Elevation of Privilege VulnerabilityImportantMicrosoft Configuration ManagerCVE-2025-59213Configuration Manager Elevation of Privilege VulnerabilityImportantMicrosoft Defender for LinuxCVE-2025-59497Microsoft Defender for Linux Denial of Service VulnerabilityImportantMicrosoft Edge (Chromium-based)CVE-2025-11213Chromium: CVE-2025-11213 Inappropriate implementation in OmniboxUnknownMicrosoft Edge (Chromium-based)CVE-2025-11210Chromium: CVE-2025-11210 Side-channel information leakage in TabUnknownMicrosoft Edge (Chromium-based)CVE-2025-11460Chromium: CVE-2025-11460 Use after free in StorageUnknownMicrosoft Edge (Chromium-based)CVE-2025-11458Chromium: CVE-2025-11458 Heap buffer overflow in SyncUnknownMicrosoft Edge (Chromium-based)CVE-2025-11215Chromium: CVE-2025-11215 Off by one error in V8UnknownMicrosoft Edge (Chromium-based)CVE-2025-11216Chromium: CVE-2025-11216 Inappropriate implementation in StorageUnknownMicrosoft Edge (Chromium-based)CVE-2025-11208Chromium: CVE-2025-11208 Inappropriate implementation in MediaUnknownMicrosoft Edge (Chromium-based)CVE-2025-11212Chromium: CVE-2025-11212 Inappropriate implementation in MediaUnknownMicrosoft Edge (Chromium-based)CVE-2025-11211Chromium: CVE-2025-11211 Out of bounds read in MediaUnknownMicrosoft Edge (Chromium-based)CVE-2025-11205Chromium: CVE-2025-11205 Heap buffer overflow in WebGPUUnknownMicrosoft Edge (Chromium-based)CVE-2025-11207Chromium: CVE-2025-11207 Side-channel information leakage in StorageUnknownMicrosoft Edge (Chromium-based)CVE-2025-11209Chromium: CVE-2025-11209 Inappropriate implementation in OmniboxUnknownMicrosoft Edge (Chromium-based)CVE-2025-11206Chromium: CVE-2025-11206 Heap buffer overflow in VideoUnknownMicrosoft Edge (Chromium-based)CVE-2025-11219Chromium: CVE-2025-11219 Use after free in V8UnknownMicrosoft Exchange ServerCVE-2025-59248Microsoft Exchange Server Spoofing VulnerabilityImportantMicrosoft Exchange ServerCVE-2025-59249Microsoft Exchange Server Elevation of Privilege VulnerabilityImportantMicrosoft Exchange ServerCVE-2025-53782Microsoft Exchange Server Elevation of Privilege VulnerabilityImportantMicrosoft Failover Cluster Virtual DriverCVE-2025-59260Microsoft Failover Cluster Virtual Driver Information Disclosure VulnerabilityImportantMicrosoft Graphics ComponentCVE-2025-59195Microsoft Graphics Component Denial of Service VulnerabilityImportantMicrosoft Graphics ComponentCVE-2016-9535MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow VulnerabilityCriticalMicrosoft Graphics ComponentCVE-2025-59261Windows Graphics Component Elevation of Privilege VulnerabilityImportantMicrosoft Graphics ComponentCVE-2025-49708Microsoft Graphics Component Elevation of Privilege VulnerabilityCriticalMicrosoft Graphics ComponentCVE-2025-59205Windows Graphics Component Elevation of Privilege VulnerabilityImportantMicrosoft OfficeCVE-2025-59229Microsoft Office Denial of Service VulnerabilityImportantMicrosoft OfficeCVE-2025-59227Microsoft Office Remote Code Execution VulnerabilityCriticalMicrosoft OfficeCVE-2025-59234Microsoft Office Remote Code Execution VulnerabilityCriticalMicrosoft Office ExcelCVE-2025-59223Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59224Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59225Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59232Microsoft Excel Information Disclosure VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59235Microsoft Excel Information Disclosure VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59233Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59231Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office ExcelCVE-2025-59236Microsoft Excel Remote Code Execution VulnerabilityCriticalMicrosoft Office ExcelCVE-2025-59243Microsoft Excel Remote Code Execution VulnerabilityImportantMicrosoft Office PowerPointCVE-2025-59238Microsoft PowerPoint Remote Code Execution VulnerabilityImportantMicrosoft Office SharePointCVE-2025-59237Microsoft SharePoint Remote Code Execution VulnerabilityImportantMicrosoft Office SharePointCVE-2025-59228Microsoft SharePoint Remote Code Execution VulnerabilityImportantMicrosoft Office VisioCVE-2025-59226Microsoft Office Visio Remote Code Execution VulnerabilityImportantMicrosoft Office WordCVE-2025-59222Microsoft Word Remote Code Execution VulnerabilityImportantMicrosoft Office WordCVE-2025-59221Microsoft Word Remote Code Execution VulnerabilityImportantMicrosoft PowerShellCVE-2025-25004PowerShell Elevation of Privilege VulnerabilityImportantMicrosoft WindowsCVE-2025-55701Windows Authentication Elevation of Privilege VulnerabilityImportantMicrosoft Windows Codecs LibraryCVE-2025-54957MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoderImportantMicrosoft Windows Search ComponentCVE-2025-59198Windows Search Service Denial of Service VulnerabilityImportantMicrosoft Windows Search ComponentCVE-2025-59190Windows Search Service Denial of Service VulnerabilityImportantMicrosoft Windows Search ComponentCVE-2025-59253Windows Search Service Denial of Service VulnerabilityImportantMicrosoft Windows SpeechCVE-2025-58715Windows Speech Runtime Elevation of Privilege VulnerabilityImportantMicrosoft Windows SpeechCVE-2025-58716Windows Speech Runtime Elevation of Privilege VulnerabilityImportantNetwork Connection Status Indicator (NCSI)CVE-2025-59201Network Connection Status Indicator (NCSI) Elevation of Privilege VulnerabilityImportantNtQueryInformation Token function (ntifs.h)CVE-2025-55696NtQueryInformation Token function (ntifs.h) Elevation of Privilege VulnerabilityImportantRedis EnterpriseCVE-2025-59271Redis Enterprise Elevation of Privilege VulnerabilityCriticalRemote Desktop ClientCVE-2025-58718Remote Desktop Client Remote Code Execution VulnerabilityImportantSoftware Protection Platform (SPP)CVE-2025-59199Software Protection Platform (SPP) Elevation of Privilege VulnerabilityImportantStorport.sys DriverCVE-2025-59192Storport.sys Driver Elevation of Privilege VulnerabilityImportantTCG TPM2.0CVE-2025-2884Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementationImportantVirtual Secure ModeCVE-2025-48813Virtual Secure Mode Spoofing VulnerabilityImportantVisual StudioCVE-2025-55240Visual Studio Elevation of Privilege VulnerabilityImportantVisual StudioCVE-2025-54132GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram ToolImportantWindows Ancillary Function Driver for WinSockCVE-2025-58714Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportantWindows Ancillary Function Driver for WinSockCVE-2025-59242Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportantWindows Authentication MethodsCVE-2025-59277Windows Authentication Elevation of Privilege VulnerabilityImportantWindows Authentication MethodsCVE-2025-59278Windows Authentication Elevation of Privilege VulnerabilityImportantWindows Authentication MethodsCVE-2025-59275Windows Authentication Elevation of Privilege VulnerabilityImportantWindows BitLockerCVE-2025-55337Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows BitLockerCVE-2025-55332Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows BitLockerCVE-2025-55333Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows BitLockerCVE-2025-55330Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows BitLockerCVE-2025-55338Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows BitLockerCVE-2025-55682Windows BitLocker Security Feature Bypass VulnerabilityImportantWindows Bluetooth ServiceCVE-2025-59290Windows Bluetooth Service Elevation of Privilege VulnerabilityImportantWindows Bluetooth ServiceCVE-2025-58728Windows Bluetooth Service Elevation of Privilege VulnerabilityImportantWindows Bluetooth ServiceCVE-2025-59289Windows Bluetooth Service Elevation of Privilege VulnerabilityImportantWindows Cloud Files Mini Filter DriverCVE-2025-55680Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportantWindows Cloud Files Mini Filter DriverCVE-2025-55336Windows Cloud Files Mini Filter Driver Information Disclosure VulnerabilityImportantWindows COMCVE-2025-58725Windows COM+ Event System Service Elevation of Privilege VulnerabilityImportantWindows Connected Devices Platform ServiceCVE-2025-58727Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityImportantWindows Core ShellCVE-2025-59185NTLM Hash Disclosure Spoofing VulnerabilityImportantWindows Core ShellCVE-2025-59244NTLM Hash Disclosure Spoofing VulnerabilityImportantWindows Cryptographic ServicesCVE-2025-58720Windows Cryptographic Services Information Disclosure VulnerabilityImportantWindows Device Association Broker serviceCVE-2025-50174Windows Device Association Broker Service Elevation of Privilege VulnerabilityImportantWindows Device Association Broker serviceCVE-2025-55677Windows Device Association Broker Service Elevation of Privilege VulnerabilityImportantWindows Digital MediaCVE-2025-53150Windows Digital Media Elevation of Privilege VulnerabilityImportantWindows Digital MediaCVE-2025-50175Windows Digital Media Elevation of Privilege VulnerabilityImportantWindows DirectXCVE-2025-55678DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportantWindows DirectXCVE-2025-55698DirectX Graphics Kernel Denial of Service VulnerabilityImportantWindows DWMCVE-2025-58722Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportantWindows DWMCVE-2025-55681Desktop Windows Manager Elevation of Privilege VulnerabilityImportantWindows DWM Core LibraryCVE-2025-59255Windows DWM Core Library Elevation of Privilege VulnerabilityImportantWindows DWM Core LibraryCVE-2025-59254Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportantWindows Error ReportingCVE-2025-55692Windows Error Reporting Service Elevation of Privilege VulnerabilityImportantWindows Error ReportingCVE-2025-55694Windows Error Reporting Service Elevation of Privilege VulnerabilityImportantWindows ETL ChannelCVE-2025-59197Windows ETL Channel Information Disclosure VulnerabilityImportantWindows Failover ClusterCVE-2025-59188Microsoft Failover Cluster Information Disclosure VulnerabilityImportantWindows Failover ClusterCVE-2025-47979Microsoft Failover Cluster Information Disclosure VulnerabilityImportantWindows File ExplorerCVE-2025-59214Microsoft Windows File Explorer Spoofing VulnerabilityImportantWindows File ExplorerCVE-2025-58739Microsoft Windows File Explorer Spoofing VulnerabilityImportantWindows Health and Optimized Experiences ServiceCVE-2025-59241Windows Health and Optimized Experiences Elevation of Privilege VulnerabilityImportantWindows HelloCVE-2025-53139Windows Hello Security Feature Bypass VulnerabilityImportantWindows High Availability ServicesCVE-2025-59184Storage Spaces Direct Information Disclosure VulnerabilityImportantWindows Hyper-VCVE-2025-55328Windows Hyper-V Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-55679Windows Kernel Information Disclosure VulnerabilityImportantWindows KernelCVE-2025-55683Windows Kernel Information Disclosure VulnerabilityImportantWindows KernelCVE-2025-59207Windows Kernel Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-55334Windows Kernel Security Feature Bypass VulnerabilityImportantWindows KernelCVE-2025-59186Windows Kernel Information Disclosure VulnerabilityImportantWindows KernelCVE-2025-55693Windows Kernel Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-59194Windows Kernel Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-59187Windows Kernel Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-50152Windows Kernel Elevation of Privilege VulnerabilityImportantWindows KernelCVE-2025-55699Windows Kernel Information Disclosure VulnerabilityImportantWindows Local Session Manager (LSM)CVE-2025-58729Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportantWindows Local Session Manager (LSM)CVE-2025-59257Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportantWindows Local Session Manager (LSM)CVE-2025-59259Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportantWindows Management ServicesCVE-2025-59193Windows Management Services Elevation of Privilege VulnerabilityImportantWindows Management ServicesCVE-2025-59204Windows Management Services Information Disclosure VulnerabilityImportantWindows MapUrlToZoneCVE-2025-59208Windows MapUrlToZone Information Disclosure VulnerabilityImportantWindows NDISCVE-2025-55339Windows Network Driver Interface Specification Driver Elevation of Privilege VulnerabilityImportantWindows NTFSCVE-2025-55335Windows NTFS Elevation of Privilege VulnerabilityImportantWindows NTLMCVE-2025-59284Windows NTLM Spoofing VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55331Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55689Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55685Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55686Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55690Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55684Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55688Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows PrintWorkflowUserSvcCVE-2025-55691Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityImportantWindows Push Notification CoreCVE-2025-59209Windows Push Notification Information Disclosure VulnerabilityImportantWindows Push Notification CoreCVE-2025-59211Windows Push Notification Information Disclosure VulnerabilityImportantWindows Remote Access Connection ManagerCVE-2025-59230Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportantWindows Remote DesktopCVE-2025-58737Remote Desktop Protocol Remote Code Execution VulnerabilityImportantWindows Remote Desktop ProtocolCVE-2025-55340Windows Remote Desktop Protocol Security Feature BypassImportantWindows Remote Desktop ServicesCVE-2025-59202Windows Remote Desktop Services Elevation of Privilege VulnerabilityImportantWindows Remote Procedure CallCVE-2025-59502Remote Procedure Call Denial of Service VulnerabilityModerateWindows Resilient File System (ReFS)CVE-2025-55687Windows Resilient File System (ReFS) Elevation of Privilege VulnerabilityImportantWindows Resilient File System (ReFS) Deduplication ServiceCVE-2025-59210Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityImportantWindows Resilient File System (ReFS) Deduplication ServiceCVE-2025-59206Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-58717Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Routing and Remote Access Service (RRAS)CVE-2025-55700Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportantWindows Secure BootCVE-2025-47827MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11ImportantWindows Server Update ServiceCVE-2025-59287Windows Server Update Service (WSUS) Remote Code Execution VulnerabilityCriticalWindows SMB ClientCVE-2025-59280Windows SMB Client Tampering VulnerabilityImportantWindows SMB ServerCVE-2025-58726Windows SMB Server Elevation of Privilege VulnerabilityImportantWindows SSDP ServiceCVE-2025-59196Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityImportantWindows StateRepository APICVE-2025-59203Windows State Repository API Server File Information Disclosure VulnerabilityImportantWindows Storage Management ProviderCVE-2025-55325Windows Storage Management Provider Information Disclosure VulnerabilityImportantWindows Taskbar LiveCVE-2025-59294Windows Taskbar Live Preview Information Disclosure VulnerabilityImportantWindows USB Video DriverCVE-2025-55676Windows USB Video Class System Driver Information Disclosure VulnerabilityImportantWindows Virtualization-Based Security (VBS) EnclaveCVE-2025-53717Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityImportantWindows WLAN Auto Config ServiceCVE-2025-55695Windows WLAN AutoConfig Service Information Disclosure VulnerabilityImportantXboxCVE-2025-53768Xbox IStorageService Elevation of Privilege VulnerabilityImportantXBox Gaming ServicesCVE-2025-59281Xbox Gaming Services Elevation of Privilege VulnerabilityImportant