Microsoft security advisory – October 2025 monthly rollup (AV25-666) – Update 1

Serial number: AV25-666
Date: October 15, 2025
Updated: October 24, 2025

On October 14, 2025, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:

  • .NET 8.0
  • ASP.NET
  • Arc Enabled Servers
  • Azure Cache for Redis Enterprise
  • Azure Compute Gallery
  • Azure Confidential Compute VM
  • Azure Managed Redis
  • Azure Monitor
  • Azure Monitor Agent
  • Azure PlayFab
  • DOOM
  • Fallout Shelter
  • Microsoft .NET Framework
  • Microsoft 365 Apps for Enterprise
  • Microsoft 365 Copilot's Business Chat
  • Microsoft 365 Word Copilot
  • Microsoft Access 2016
  • Microsoft Configuration Manager
  • Microsoft Defender for Endpoint for Linux
  • Microsoft Entra ID
  • Microsoft Excel 2016
  • Microsoft Exchange Server
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019
  • Microsoft JDBC
  • Microsoft Mesh PC Applications
  • Microsoft Mesh for Meta Quest
  • Microsoft Office
  • Microsoft Office 2016
  • Microsoft Office 2019
  • Microsoft Office LTSC 2021
  • Microsoft Office LTSC 2024
  • Microsoft Office for Android
  • Microsoft PowerPoint 2016
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft Visual Studio 2017
  • Microsoft Visual Studio 2019
  • Microsoft Visual Studio 2022
  • Microsoft Word 2016
  • Office Online Server
  • PowerShell 7.4
  • PowerShell 7.5
  • Remote Desktop client for Windows Desktop
  • Starfield Companion App
  • Windows 10
  • Windows 11
  • Windows App Client for Windows Desktop
  • Windows Server 2008
  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

Microsoft has indicated that CVE-2025-47827, CVE-2025-59230 and CVE-2025-24990 have available exploits.

Update 1
On October 23, 2025, Microsoft stated that Proof of Concept (PoC) exploit for critical vulnerability CVE-2025-59287 affecting their WSUS is now available online.

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Date modified: