[German]Microsoft hat am 14. Oktober 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office – sowie für weitere Produkte – veröffentlicht. Die Sicherheitsupdates beseitigen 167 Schwachstellen (CVEs), sieben kritisch, drei davon wurden als 0-day klassifiziert und zwei werden ausgenutzt. Nachfolgend findet sich ein kompakter Überblick über diese Updates, die zum Patchday freigegeben wurden.
Notes on the updates
A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office, etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as updates for the server counterparts) are cumulative. The monthly Patch Day update contains all security fixes for these Windows versions, as well as all non-security-related fixes up to Patch Day. In addition to security patches for vulnerabilities, the updates also contain fixes for bugs and new features.
In October 2024, Windows 10 22H2 will receive regular security updates for the last time and will no longer be supported. In future, security updates will only be available to users with an ESU license.
For Windows Server 2012/R2, an ESU license is required to obtain further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the fixed vulnerabilities. Here are some of the critical vulnerabilities that have been eliminated:
- CVE-2025-24052, CVE-2025-249904: Windows Agere Modem Driver Elevation of Privilege Vulnerability, CVEv3 Score 7.8, important; EoP vulnerabilities in the third-party Agere modem driver. Microsoft reports that CVE-2025-24990 has been exploited in the wild and CVE-2025-24052 was disclosed prior to the release of a patch. Successful exploitation would allow an attacker to gain administrator privileges on an affected system. The ltmdm64.sys driver was previously shipped by default with supported Windows operating systems, but will no longer be supported after the October update. Microsoft notes that ltmdm64.sys-dependent hardware will no longer function on Windows and recommends that users remove existing dependencies.
- CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability, CVEv3 Score 7.8, Important; According to Microsoft, this vulnerability in Windows Remote Access Connection Manager has already been exploited in the wild. Exploiting this vulnerability could allow a local attacker to gain SYSTEM privileges.
- CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability, CVEv3 Score 7.8, critical; According to Microsoft, this vulnerability has already been exploited in the wild. This vulnerability is exploited via improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges.
- CVE-2025-59287: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability, CVEv3 Score 9.8, critical; "Exploitation More Likely"; An attacker could exploit this vulnerability to gain RCE by sending a crafted event that results in deserialization of untrusted data.
- CVE-2025-59227, CVE-2025-59234: Microsoft Office Remote Code Execution Vulnerabilities, CVEv3 Score 7.8, critical; "Exploitation Less Likely"; An attacker could exploit these vulnerabilities through social engineering by sending the malicious Microsoft Office document file to a specific target. Successful exploitation would grant the attacker code execution privileges.
- CVE-2025-55680: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability, CVEv3 Score 7.8, important; A local, authenticated attacker would need to win a race condition to exploit this vulnerability. Successful exploitation would allow the attacker to gain SYSTEM privileges.
- CVE-2025-49708: Microsoft Graphics Component Elevation of Privilege Vulnerability, CVEv3 Score 9.9, critical; The use of "use after free" in Microsoft Graphics Component allows an authorized attacker to elevate their privileges over a network.
A list of all disclosed CVEs can be found on this Microsoft page, excerpts are available from Tenable. Some additional vulnerabilities are available from Talos. However, CVE-2025-49708, which was added above, appears to be documented only by Microsoft.
Similar articles:
Microsoft Security Update Summary (October 14, 2025)
Patchday: Windows 10/11 Updates (October 14, 2025)
Patchday: Windows Server-Updates (October 14, 2025)
Patchday: Microsoft Office Updates (October 14, 2025)
