Последний Patch Tuesday для Windows 10: 172 патча и шесть 0-day

15 октября 2025, 09:24

Прошёл октябрьский вторник патчей от Microsoft, и в этот раз у Редмонда получилось особенно насыщенно: компания закрыла 172 уязвимости, включая шесть 0-day, которые уже активно использовались злоумышленниками или были публично раскрыты.

Из общего числа багов восемь признаны «критическими» — пять из них позволяют выполнить код удалённо, а три дают повышение привилегий. Больше всего традиционно уязвимостей, приводящих к повышению прав, — 80 штук.

Категории исправленных уязвимостей:

80 — повышение привилегий; 11 — обход функций безопасности; 31 — удалённое выполнение кода; 28 — утечка информации; 11 — отказ в обслуживании; 10 — подмена (spoofing).

Patch Tuesday не включает обновления для Edge, Azure и Mariner, выпущенные ранее в этом месяце, — здесь учтены только «свежие» патчи, вышедшие сегодня.

Сегодняшний релиз стал последним Patch Tuesday для Windows 10 — система официально завершает срок бесплатной поддержки. Тем, кто хочет продолжить получать обновления безопасности, Microsoft предлагает оформить Extended Security Updates (ESU):

для домашних пользователей — на один год, для корпоративных — до трёх лет.

Из шести уязвимостей нулевого дня две были публично раскрыты, а три активно эксплуатировались. Ниже — самые заметные из них.

CVE-2025-24990 и CVE-2025-24052 — уязвимости в драйвере Agere Modem

Microsoft удалила проблемный драйвер ltmdm64.sys, встроенный в Windows, поскольку через него злоумышленники могли повышать привилегии до уровня администратора. Удаление драйвера приведёт к тому, что модемы факса перестанут работать, предупреждает компания.

CVE-2025-59230 — ошибка в Remote Access Connection Manager

Уязвимость позволяла локально повышать привилегии до SYSTEM из-за некорректного контроля доступа. По словам Microsoft, для успешной атаки требуются определённые усилия и подготовка.

CVE-2025-47827 — обход Secure Boot в IGEL OS

В версиях IGEL OS до 11 можно было обойти проверку подписи модуля igel-flash-driver и загрузить поддельный образ системы.

CVE-2025-0033 — RMPocalypse в AMD SEV-SNP

Это та же уязвимость, о которой накануне сообщили исследователи из Швейцарской высшей технической школы Цюриха. Ошибка в инициализации таблицы Reverse Map Paging (RMP) на процессорах AMD EPYC позволяет гипервизору с повышенными правами вмешаться в память виртуальных машин, нарушая целостность SEV-SNP.

Microsoft признала, что проблема затрагивает Azure Confidential Computing на AMD-серверах. Исправления ещё готовятся, пользователи Azure получат уведомления о доступности патчей.

CVE-2025-2884 — уязвимость в TCG TPM 2.0

Ошибка чтения за пределами памяти в функции CryptHmacSign могла привести к утечке информации или отказу в обслуживании модуля TPM. Исправление было интегрировано в обновления Windows.

Что важно знать пользователям:

Если вы всё ещё на Windows 10, октябрьский апдейт — последний бесплатный. Дальше — только по ESU-программе. Пользователям Windows 11 доступны патчи KB5066835 и KB5066793 — они включают не только исправления по части безопасности, но и улучшения стабильности. Владельцам серверов AMD EPYC стоит следить за обновлениями BIOS и микрокода — RMPocalypse остаётся под особым контролем Microsoft и AMD.

Полный список закрытых брешей приводим ниже:

Tag CVE-идентификатор CVE-наименование Степень риска .NET CVE-2025-55247 .NET Elevation of Privilege Vulnerability Важная .NET, .NET Framework, Visual Studio CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability Важная Active Directory Federation Services CVE-2025-59258 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability Важная Agere Windows Modem Driver CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability Важная Agere Windows Modem Driver CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability Важная AMD Restricted Memory Page CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization Критическая ASP.NET Core CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability Важная Azure Connected Machine Agent CVE-2025-47989 Azure Connected Machine Agent Elevation of Privilege Vulnerability Важная Azure Connected Machine Agent CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability Важная Azure Entra ID CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability Критическая Azure Entra ID CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability Критическая Azure Local CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability Важная Azure Monitor CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability Критическая Azure Monitor Agent CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability Важная Azure Monitor Agent CVE-2025-59494 Azure Monitor Agent Elevation of Privilege Vulnerability Важная Azure PlayFab CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability Критическая Confidential Azure Container Instances CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability Критическая Confidential Azure Container Instances CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability Критическая Connected Devices Platform Service (Cdpsvc) CVE-2025-59191 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Важная Connected Devices Platform Service (Cdpsvc) CVE-2025-55326 Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability Важная Connected Devices Platform Service (Cdpsvc) CVE-2025-58719 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Важная Copilot CVE-2025-59272 Copilot Spoofing Vulnerability Критическая Copilot CVE-2025-59252 M365 Copilot Spoofing Vulnerability Критическая Copilot CVE-2025-59286 Copilot Spoofing Vulnerability Критическая Data Sharing Service Client CVE-2025-59200 Data Sharing Service Spoofing Vulnerability Важная Games CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability Важная GitHub CVE-2025-59288 Playwright Spoofing Vulnerability Средняя Inbox COM Objects CVE-2025-58735 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58733 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58731 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58730 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Inbox COM Objects CVE-2025-58736 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability Важная Internet Explorer CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability Важная JDBC Driver for SQL Server CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability Важная Mariner CVE-2025-39943 ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer Критическая Mariner CVE-2025-39946 tls: make sure to abort the stream if headers are bogus Средняя Mariner CVE-2025-39942 ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size Средняя Mariner CVE-2025-39951 um: virtio_uml: Fix use-after-free after put_device in probe Средняя Mariner CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) Средняя Mariner CVE-2025-39949 qed: Don't collect too many protection override GRC elements Средняя Mariner CVE-2025-39937 net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Средняя Mariner CVE-2025-39955 tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). Средняя Mariner CVE-2025-39895 sched: Fix sched_numa_find_nth_cpu() if mask offline Средняя Mariner CVE-2025-11413 GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds Средняя Mariner CVE-2025-11414 GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds Средняя Mariner CVE-2025-39938 ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed Средняя Mariner CVE-2025-11495 GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow Средняя Mariner CVE-2025-39934 drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ Средняя Mariner CVE-2025-39929 smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path Средняя Mariner CVE-2025-39945 cnic: Fix use-after-free bugs in cnic_delete_task Важная Mariner CVE-2025-39907 mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Критическая Mariner CVE-2025-39913 tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. Средняя Mariner CVE-2025-39952 wifi: wilc1000: avoid buffer overflow in WID string configuration Важная Mariner CVE-2025-39940 dm-stripe: fix a possible integer overflow Средняя Mariner CVE-2025-39953 cgroup: split cgroup_destroy_wq into 3 workqueues Средняя Mariner CVE-2023-53469 af_unix: Fix null-ptr-deref in unix_stream_sendpage(). Важная Mariner CVE-2025-39914 tracing: Silence warning when chunk allocation fails in trace_pid_write Средняя Mariner CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Средняя Mariner CVE-2025-39920 pcmcia: Add error handling for add_interval() in do_validate_mem() Средняя Mariner CVE-2025-39911 i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Низкая Mariner CVE-2025-39958 iommu/s390: Make attach succeed when the device was surprise removed Низкая Mariner CVE-2025-8291 ZIP64 End of Central Directory (EOCD) Locator record offset not checked Средняя Mariner CVE-2025-39957 wifi: mac80211: increase scan_ies_len for S1G Низкая Mariner CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user Средняя Mariner CVE-2025-46817 Lua library commands may lead to integer overflow and potential RCE Важная Mariner CVE-2022-50502 mm: /proc/pid/smaps_rollup: fix no vma's null-deref Средняя Mariner CVE-2025-39944 octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() Важная Mariner CVE-2025-11234 Qemu-kvm: vnc websocket handshake use-after-free Средняя Mariner CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution Критическая Mariner CVE-2025-10729 Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG Важная Mariner CVE-2025-39961 iommu/amd/pgtbl: Fix possible race while increase page table level Средняя Mariner CVE-2025-61984 ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) Низкая Mariner CVE-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts Средняя Mariner CVE-2025-37727 Elasticsearch Insertion of sensitive information in log file Средняя Mariner CVE-2025-11412 GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds Средняя Mariner CVE-2025-39931 crypto: af_alg - Set merge to zero early in af_alg_sendmsg Средняя Mariner CVE-2025-39933 smb: client: let recv_done verify data_offset, data_length and remaining_data_length Средняя Mariner CVE-2025-39947 net/mlx5e: Harden uplink netdev access against device unbind Средняя Mariner CVE-2025-61985 ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. Низкая Mariner CVE-2025-10728 Uncontrolled recursion in Qt SVG module Важная Mariner CVE-2025-39916 mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Средняя Mariner CVE-2025-39902 mm/slub: avoid accessing metadata when pointer is invalid in object_err() Средняя Mariner CVE-2025-39923 dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Средняя Mariner CVE-2025-39898 e1000e: fix heap overflow in e1000_set_eeprom Критическая Mariner CVE-2025-39925 can: j1939: implement NETDEV_UNREGISTER notification handler Критическая Mariner CVE-2025-39891 wifi: mwifiex: Initialize the chan_stats array to zero Средняя Mariner CVE-2025-39927 ceph: fix race condition validating r_parent before applying state Средняя Mariner CVE-2025-39901 i40e: remove read access to debugfs files Важная Mariner CVE-2025-39910 mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() Критическая Mariner CVE-2025-39909 mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Средняя Microsoft Brokering File System CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability Важная Microsoft Brokering File System CVE-2025-59189 Microsoft Brokering File System Elevation of Privilege Vulnerability Важная Microsoft Configuration Manager CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability Важная Microsoft Configuration Manager CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability Важная Microsoft Defender for Linux CVE-2025-59497 Microsoft Defender for Linux Denial of Service Vulnerability Важная Microsoft Edge (Chromium-based) CVE-2025-11213 Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11210 Chromium: CVE-2025-11210 Side-channel information leakage in Tab Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11460 Chromium: CVE-2025-11460 Use after free in Storage Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11458 Chromium: CVE-2025-11458 Heap buffer overflow in Sync Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11215 Chromium: CVE-2025-11215 Off by one error in V8 Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11216 Chromium: CVE-2025-11216 Inappropriate implementation in Storage Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11208 Chromium: CVE-2025-11208 Inappropriate implementation in Media Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11212 Chromium: CVE-2025-11212 Inappropriate implementation in Media Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11211 Chromium: CVE-2025-11211 Out of bounds read in Media Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11205 Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11207 Chromium: CVE-2025-11207 Side-channel information leakage in Storage Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11209 Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11206 Chromium: CVE-2025-11206 Heap buffer overflow in Video Неизвестно Microsoft Edge (Chromium-based) CVE-2025-11219 Chromium: CVE-2025-11219 Use after free in V8 Неизвестно Microsoft Exchange Server CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability Важная Microsoft Exchange Server CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability Важная Microsoft Exchange Server CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability Важная Microsoft Failover Cluster Virtual Driver CVE-2025-59260 Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability Важная Microsoft Graphics Component CVE-2025-59195 Microsoft Graphics Component Denial of Service Vulnerability Важная Microsoft Graphics Component CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability Критическая Microsoft Graphics Component CVE-2025-59261 Windows Graphics Component Elevation of Privilege Vulnerability Важная Microsoft Graphics Component CVE-2025-49708 Microsoft Graphics Component Elevation of Privilege Vulnerability Критическая Microsoft Graphics Component CVE-2025-59205 Windows Graphics Component Elevation of Privilege Vulnerability Важная Microsoft Office CVE-2025-59229 Microsoft Office Denial of Service Vulnerability Важная Microsoft Office CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability Критическая Microsoft Office CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability Критическая Microsoft Office Excel CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office Excel CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office Excel CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office Excel CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability Важная Microsoft Office Excel CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability Важная Microsoft Office Excel CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office Excel CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office Excel CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability Критическая Microsoft Office Excel CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability Важная Microsoft Office PowerPoint CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability Важная Microsoft Office SharePoint CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability Важная Microsoft Office SharePoint CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability Важная Microsoft Office Visio CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability Важная Microsoft Office Word CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability Важная Microsoft Office Word CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability Важная Microsoft PowerShell CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability Важная Microsoft Windows CVE-2025-55701 Windows Authentication Elevation of Privilege Vulnerability Важная Microsoft Windows Codecs Library CVE-2025-54957 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder Важная Microsoft Windows Search Component CVE-2025-59198 Windows Search Service Denial of Service Vulnerability Важная Microsoft Windows Search Component CVE-2025-59190 Windows Search Service Denial of Service Vulnerability Важная Microsoft Windows Search Component CVE-2025-59253 Windows Search Service Denial of Service Vulnerability Важная Microsoft Windows Speech CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability Важная Microsoft Windows Speech CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability Важная Network Connection Status Indicator (NCSI) CVE-2025-59201 Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability Важная NtQueryInformation Token function (ntifs.h) CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability Важная Redis Enterprise CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability Критическая Remote Desktop Client CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability Важная Software Protection Platform (SPP) CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability Важная Storport.sys Driver CVE-2025-59192 Storport.sys Driver Elevation of Privilege Vulnerability Важная TCG TPM2.0 CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation Важная Virtual Secure Mode CVE-2025-48813 Virtual Secure Mode Spoofing Vulnerability Важная Visual Studio CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability Важная Visual Studio CVE-2025-54132 GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool Важная Windows Ancillary Function Driver for WinSock CVE-2025-58714 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Важная Windows Ancillary Function Driver for WinSock CVE-2025-59242 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Важная Windows Authentication Methods CVE-2025-59277 Windows Authentication Elevation of Privilege Vulnerability Важная Windows Authentication Methods CVE-2025-59278 Windows Authentication Elevation of Privilege Vulnerability Важная Windows Authentication Methods CVE-2025-59275 Windows Authentication Elevation of Privilege Vulnerability Важная Windows BitLocker CVE-2025-55337 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows BitLocker CVE-2025-55332 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows BitLocker CVE-2025-55333 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows BitLocker CVE-2025-55330 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows BitLocker CVE-2025-55338 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows BitLocker CVE-2025-55682 Windows BitLocker Security Feature Bypass Vulnerability Важная Windows Bluetooth Service CVE-2025-59290 Windows Bluetooth Service Elevation of Privilege Vulnerability Важная Windows Bluetooth Service CVE-2025-58728 Windows Bluetooth Service Elevation of Privilege Vulnerability Важная Windows Bluetooth Service CVE-2025-59289 Windows Bluetooth Service Elevation of Privilege Vulnerability Важная Windows Cloud Files Mini Filter Driver CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Важная Windows Cloud Files Mini Filter Driver CVE-2025-55336 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Важная Windows COM CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability Важная Windows Connected Devices Platform Service CVE-2025-58727 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability Важная Windows Core Shell CVE-2025-59185 NTLM Hash Disclosure Spoofing Vulnerability Важная Windows Core Shell CVE-2025-59244 NTLM Hash Disclosure Spoofing Vulnerability Важная Windows Cryptographic Services CVE-2025-58720 Windows Cryptographic Services Information Disclosure Vulnerability Важная Windows Device Association Broker service CVE-2025-50174 Windows Device Association Broker Service Elevation of Privilege Vulnerability Важная Windows Device Association Broker service CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability Важная Windows Digital Media CVE-2025-53150 Windows Digital Media Elevation of Privilege Vulnerability Важная Windows Digital Media CVE-2025-50175 Windows Digital Media Elevation of Privilege Vulnerability Важная Windows DirectX CVE-2025-55678 DirectX Graphics Kernel Elevation of Privilege Vulnerability Важная Windows DirectX CVE-2025-55698 DirectX Graphics Kernel Denial of Service Vulnerability Важная Windows DWM CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability Важная Windows DWM CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability Важная Windows DWM Core Library CVE-2025-59255 Windows DWM Core Library Elevation of Privilege Vulnerability Важная Windows DWM Core Library CVE-2025-59254 Microsoft DWM Core Library Elevation of Privilege Vulnerability Важная Windows Error Reporting CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability Важная Windows Error Reporting CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability Важная Windows ETL Channel CVE-2025-59197 Windows ETL Channel Information Disclosure Vulnerability Важная Windows Failover Cluster CVE-2025-59188 Microsoft Failover Cluster Information Disclosure Vulnerability Важная Windows Failover Cluster CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability Важная Windows File Explorer CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability Важная Windows File Explorer CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability Важная Windows Health and Optimized Experiences Service CVE-2025-59241 Windows Health and Optimized Experiences Elevation of Privilege Vulnerability Важная Windows Hello CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability Важная Windows High Availability Services CVE-2025-59184 Storage Spaces Direct Information Disclosure Vulnerability Важная Windows Hyper-V CVE-2025-55328 Windows Hyper-V Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-55679 Windows Kernel Information Disclosure Vulnerability Важная Windows Kernel CVE-2025-55683 Windows Kernel Information Disclosure Vulnerability Важная Windows Kernel CVE-2025-59207 Windows Kernel Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-55334 Windows Kernel Security Feature Bypass Vulnerability Важная Windows Kernel CVE-2025-59186 Windows Kernel Information Disclosure Vulnerability Важная Windows Kernel CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-50152 Windows Kernel Elevation of Privilege Vulnerability Важная Windows Kernel CVE-2025-55699 Windows Kernel Information Disclosure Vulnerability Важная Windows Local Session Manager (LSM) CVE-2025-58729 Windows Local Session Manager (LSM) Denial of Service Vulnerability Важная Windows Local Session Manager (LSM) CVE-2025-59257 Windows Local Session Manager (LSM) Denial of Service Vulnerability Важная Windows Local Session Manager (LSM) CVE-2025-59259 Windows Local Session Manager (LSM) Denial of Service Vulnerability Важная Windows Management Services CVE-2025-59193 Windows Management Services Elevation of Privilege Vulnerability Важная Windows Management Services CVE-2025-59204 Windows Management Services Information Disclosure Vulnerability Важная Windows MapUrlToZone CVE-2025-59208 Windows MapUrlToZone Information Disclosure Vulnerability Важная Windows NDIS CVE-2025-55339 Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability Важная Windows NTFS CVE-2025-55335 Windows NTFS Elevation of Privilege Vulnerability Важная Windows NTLM CVE-2025-59284 Windows NTLM Spoofing Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55331 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55689 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55685 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55686 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55690 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55684 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55688 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows PrintWorkflowUserSvc CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability Важная Windows Push Notification Core CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability Важная Windows Push Notification Core CVE-2025-59211 Windows Push Notification Information Disclosure Vulnerability Важная Windows Remote Access Connection Manager CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Важная Windows Remote Desktop CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability Важная Windows Remote Desktop Protocol CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass Важная Windows Remote Desktop Services CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability Важная Windows Remote Procedure Call CVE-2025-59502 Remote Procedure Call Denial of Service Vulnerability Средняя Windows Resilient File System (ReFS) CVE-2025-55687 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability Важная Windows Resilient File System (ReFS) Deduplication Service CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Важная Windows Resilient File System (ReFS) Deduplication Service CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability Важная Windows Routing and Remote Access Service (RRAS) CVE-2025-58717 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Важная Windows Routing and Remote Access Service (RRAS) CVE-2025-55700 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Важная Windows Secure Boot CVE-2025-47827 MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 Важная Windows Server Update Service CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Критическая Windows SMB Client CVE-2025-59280 Windows SMB Client Tampering Vulnerability Важная Windows SMB Server CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability Важная Windows SSDP Service CVE-2025-59196 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Важная Windows StateRepository API CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability Важная Windows Storage Management Provider CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability Важная Windows Taskbar Live CVE-2025-59294 Windows Taskbar Live Preview Information Disclosure Vulnerability Важная Windows USB Video Driver CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability Важная Windows Virtualization-Based Security (VBS) Enclave CVE-2025-53717 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability Важная Windows WLAN Auto Config Service CVE-2025-55695 Windows WLAN AutoConfig Service Information Disclosure Vulnerability Важная Xbox CVE-2025-53768 Xbox IStorageService Elevation of Privilege Vulnerability Важная XBox Gaming Services CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability Важная

Общество

Shell

Microsoft

Редмонд

Цюрих