
Microsoft’s October 2025 Patch Tuesday addresses 176 vulnerabilities, 84 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed Microsoft’s security advisories for October 2025 and has produced coverage for 13 of the reported vulnerabilities.

| CVE | CVE Title | Signature |
| --- | --- | --- |
| CVE-2025-24052 | Windows Agere Modem Driver Elevation of Privilege Vulnerability | ASPY 7124 Exploit-exe exe.MP_476 |
| CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerability | GAV Ropero.A |
| CVE-2025-55676 | Windows USB Video Class System Driver Information Disclosure Vulnerability | ASPY 7120 Malformed-xml xml.MP_8 |
| CVE-2025-55680 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ASPY 7122 Exploit-exe exe.MP_468 |
| CVE-2025-55681 | Desktop Windows Manager Elevation of Privilege Vulnerability | ASPY 656 Exploit-exe exe.MP_475 |
| CVE-2025-55692 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ASPY 7121 Exploit-exe exe.MP_467 |
| CVE-2025-55693 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 7123 Exploit-exe exe.MP_469 |
| CVE-2025-55694 | Windows Error Reporting Service Elevation of Privilege Vulnerability | ASPY 655 Exploit-exe exe.MP_474 |
| CVE-2025-58722 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | ASPY 654 Exploit-exe exe.MP_473 |
| CVE-2025-59194 | Windows Kernel Elevation of Privilege Vulnerability | ASPY 653 Exploit-exe exe.MP_472 |
| CVE-2025-59199 | Software Protection Platform (SPP) Elevation of Privilege Vulnerability | ASPY 652 Exploit-exe exe.MP_471 |
| CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | ASPY 651 Exploit-exe exe.MP_470 |
| CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability | IPS 4610 Windows Server Update Service Remote Code Execution (CVE-2025-59287) |
The vulnerabilities can be classified into the following categories:


For October, there are 15 critical and 160 important vulnerabilities.


Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the Patch Tuesday release for each month. The above chart displays these metrics as seen each month.

Denial of Service Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-55698 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-58729 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-59190 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59195 | Microsoft Graphics Component Denial of Service Vulnerability |
| CVE-2025-59198 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59208 | Windows MapUrlToZone Information Disclosure Vulnerability |
| CVE-2025-59229 | Microsoft Office Denial of Service Vulnerability |
| CVE-2025-59253 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59257 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-59259 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-59497 | Microsoft Defender for Linux Denial of Service Vulnerability |
Elevation of Privilege Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-24052 | Windows Agere Modem Driver Elevation of Privilege Vulnerability |
| CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerability |
| CVE-2025-25004 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2025-47989 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2025-48004 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-49708 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2025-50152 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-50174 | Windows Device Association Broker Service Elevation of Privilege Vulnerability |
| CVE-2025-50175 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-53150 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-53717 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-53768 | Xbox IStorageService Elevation of Privilege Vulnerability |
| CVE-2025-53782 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-55240 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-55247 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-55320 | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-55328 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-55331 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55335 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2025-55339 | Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability |
| CVE-2025-55677 | Windows Device Association Broker Service Elevation of Privilege Vulnerability |
| CVE-2025-55678 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-55680 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-55681 | Desktop Windows Manager Elevation of Privilege Vulnerability |
| CVE-2025-55684 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55685 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55686 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55687 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2025-55688 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55689 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55690 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55691 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55692 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2025-55693 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-55694 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2025-55696 | NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability |
| CVE-2025-55697 | Azure Local Elevation of Privilege Vulnerability |
| CVE-2025-55701 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-58714 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-58715 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-58716 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-58719 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-58722 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-58724 | Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2025-58725 | Windows COM+ Event System Service Elevation of Privilege Vulnerability |
| CVE-2025-58726 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2025-58727 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-58728 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-59187 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59189 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-59191 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-59192 | Storport.sys Driver Elevation of Privilege Vulnerability |
| CVE-2025-59193 | Windows Management Services Elevation of Privilege Vulnerability |
| CVE-2025-59194 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59196 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability |
| CVE-2025-59199 | Software Protection Platform (SPP) Elevation of Privilege Vulnerability |
| CVE-2025-59201 | Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability |
| CVE-2025-59202 | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2025-59205 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59206 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-59207 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59210 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-59213 | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-59218 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-59241 | Windows Health and Optimized Experiences Elevation of Privilege Vulnerability |
| CVE-2025-59242 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-59246 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2025-59247 | Azure PlayFab Elevation of Privilege Vulnerability |
| CVE-2025-59249 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-59254 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-59255 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-59261 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59271 | Redis Enterprise Elevation of Privilege Vulnerability |
| CVE-2025-59275 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59277 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59278 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59281 | Xbox Gaming Services Elevation of Privilege Vulnerability |
| CVE-2025-59285 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2025-59289 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-59290 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-59291 | Confidential Azure Container Instances Elevation of Privilege Vulnerability |
| CVE-2025-59292 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2025-59494 | Azure Monitor Agent Elevation of Privilege Vulnerability |
Information Disclosure Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-47979 | Microsoft Failover Cluster Information Disclosure Vulnerability |
| CVE-2025-55248 | .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability |
| CVE-2025-55325 | Windows Storage Management Provider Information Disclosure Vulnerability |
| CVE-2025-55336 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2025-55676 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-55679 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55683 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55695 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
| CVE-2025-55699 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55700 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-58717 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-58720 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2025-59184 | Storage Spaces Direct Information Disclosure Vulnerability |
| CVE-2025-59186 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-59188 | Microsoft Failover Cluster Information Disclosure Vulnerability |
| CVE-2025-59197 | Windows ETL Channel Information Disclosure Vulnerability |
| CVE-2025-59203 | Windows State Repository API Server File Information Disclosure Vulnerability |
| CVE-2025-59204 | Windows Management Services Information Disclosure Vulnerability |
| CVE-2025-59209 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2025-59211 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2025-59232 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-59235 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-59258 | Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability |
| CVE-2025-59260 | Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability |
| CVE-2025-59294 | Windows Taskbar Live Preview Information Disclosure Vulnerability |
Remote Code Execution Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-55326 | Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability |
| CVE-2025-58718 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-58730 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58731 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58732 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58733 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58734 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58735 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58736 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58737 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| CVE-2025-58738 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-59221 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-59222 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-59223 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59224 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59225 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59226 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2025-59227 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-59228 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-59231 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59233 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59234 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-59236 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59237 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-59238 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-59243 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59282 | Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
| CVE-2025-59295 | Windows URL Parsing Remote Code Execution Vulnerability |
Security Feature Bypass Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-53139 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2025-55315 | ASP.NET Security Feature Bypass Vulnerability |
| CVE-2025-55330 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55332 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55333 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55334 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2025-55337 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55338 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55340 | Windows Remote Desktop Protocol Security Feature Bypass |
| CVE-2025-55682 | Windows BitLocker Security Feature Bypass Vulnerability |
Spoofing Vulnerabilities
| CVE | CVE Title |
| --- | --- |
| CVE-2025-48813 | Windows Confidential Virtual Machines Spoofing Vulnerability |
| CVE-2025-55321 | Azure Monitor Log Analytics Spoofing Vulnerability |
| CVE-2025-58739 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-59185 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-59200 | Data Sharing Service Spoofing Vulnerability |
| CVE-2025-59214 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-59217 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2025-59244 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-59248 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-59250 | JDBC Driver for SQL Server Spoofing Vulnerability |
| CVE-2025-59252 | M365 Copilot Spoofing Vulnerability |
| CVE-2025-59272 | Copilot Spoofing Vulnerability |
| CVE-2025-59284 | Windows NTLM Spoofing Vulnerability |
| CVE-2025-59286 | Copilot Spoofing Vulnerability |
| CVE-2025-59288 | Playwright Spoofing Vulnerability |
| CVE-2025-59501 | |
Tampering Vulnerability
| CVE | CVE Title |
| --- | --- |
| CVE-2025-59280 | Windows SMB Client Tampering Vulnerability |