Microsoft security alert.
October 14, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 163 vulnerabilities that were fixed in 16 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit the Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 16 security bulletins to fix newly discovered flaws in its software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Office Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 110508
- Vendor Reference
- Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac, kb5002341, kb5002719, kb5002720, kb5002757, kb5002789, kb5002790, kb5002792, kb5002794, kb5002797
- CVE Reference
- CVE-2025-59221, CVE-2025-59222, CVE-2025-59223, CVE-2025-59224, CVE-2025-59225, CVE-2025-59226, CVE-2025-59227, CVE-2025-59228, CVE-2025-59229, CVE-2025-59231, CVE-2025-59232, CVE-2025-59233, CVE-2025-59234, CVE-2025-59235, CVE-2025-59236, CVE-2025-59237, CVE-2025-59238, CVE-2025-59243
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released the October 2025 Office Security Updates addressing multiple vulnerabilities, including those that could lead to Remote Code Execution and Information Disclosure through specially crafted Office documents.
This security update contains the following:
KB5002792
KB5002341
KB5002719
KB5002757
KB5002794
KB5002790
KB5002789
KB5002797
KB5002720
Office Click-2-Run and Office 365 Release Notes and
Office Release Notes for Mac
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
Note: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.
- Consequence
-
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, gain unauthorized access, or disclose sensitive information by persuading a user to open a specially crafted Office document. This may lead to system compromise, data leakage, or further lateral movement within the network.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-59238, CVE-2025-59222, CVE-2025-59221, CVE-2025-59232, CVE-2025-59229, CVE-2025-59227, CVE-2025-59226, CVE-2025-59225, CVE-2025-59223, CVE-2025-59233, CVE-2025-59224, CVE-2025-59243, CVE-2025-59236, CVE-2025-59235, CVE-2025-59234, CVE-2025-59231, CVE-2025-59237, and CVE-2025-59228 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-59221
CVE-2025-59222
CVE-2025-59223
CVE-2025-59224
CVE-2025-59225
CVE-2025-59226
CVE-2025-59227
CVE-2025-59228
CVE-2025-59229
CVE-2025-59231
CVE-2025-59233
CVE-2025-59234
CVE-2025-59235
CVE-2025-59236
CVE-2025-59237
CVE-2025-59238
CVE-2025-59243
-
Microsoft SharePoint Server Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 110509
- Vendor Reference
- KB5002786, KB5002787, KB5002788, KB5002796, KB5002798
- CVE Reference
- CVE-2025-59221, CVE-2025-59222, CVE-2025-59228, CVE-2025-59232, CVE-2025-59235, CVE-2025-59237
- CVSS Scores
- Base 9 / Temporal 6.7
- Description
-
Microsoft has released the October 2025 security updates to address vulnerabilities in SharePoint Server versions 2016, 2019, and SharePoint Server Subscription Edition, including issues related to Remote Code Execution, Elevation of Privilege, and Improper Input Validation.
This security update contains the following KBs:
KB5002788
KB5002787
KB5002796
KB5002798
KB5002786
QID Detection Logic (Authenticated):
Operating System: Windows
The detection retrieves the Microsoft SharePoint installation path from the Windows Registry and triggers the QID if a vulnerable file version is identified.
- Consequence
-
Successful exploitation of the SharePoint vulnerabilities may allow an attacker to do one or more of the following:
- Execute arbitrary code on the SharePoint server (remote code execution), potentially allowing full compromise of the affected host and any data the service can access.
- Elevate privileges from a low-privileged SharePoint user to a higher privileged account or system context, enabling wider access to configuration and sensitive content.
- Access or disclose sensitive information stored in SharePoint sites, document libraries, or configuration files (information disclosure).
- Modify or delete content and configuration (integrity impact), which can disrupt business workflows and damage data trustworthiness.
- Cause service disruption or denial of service for SharePoint users (availability impact), affecting productivity and potentially requiring emergency remediation.
- Enable lateral movement within the network or persistence mechanisms if attackers leverage stolen credentials or server access to target other systems.
Because some of these issues require valid credentials or authenticated access, the overall risk to an organization depends on factors such as account hygiene, least-privilege enforcement, network segmentation, and timely patching.
- Solution
-
Customers are advised to refer to the below Article:
CVE-2025-59222, CVE-2025-59221, CVE-2025-59232, CVE-2025-59237, CVE-2025-59235, and CVE-2025-59228 for more information regarding the vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-59221
CVE-2025-59222
CVE-2025-59228
CVE-2025-59232
CVE-2025-59235
CVE-2025-59237
-
Xbox Gaming Services Elevation of Privilege Vulnerability for October 2025
- Severity
- Critical 4
- Qualys ID
- 385525
- Vendor Reference
- CVE-2025-59281
- CVE Reference
- CVE-2025-59281
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Xbox Gaming Services is a system component for Windows PCs that Microsoft uses to run games from the Xbox app and the Microsoft Store.
Affected versions:
All versions before version 31.105.2509.23001
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions by checking the file version of Xbox Gaming Services
- Consequence
-
An attacker who successfully exploited this vulnerability could delete targeted files on a system.
- Solution
-
Customers are advised to refer to CVE-2025-59281 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-59281
-
Microsoft Azure Arc Installer Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 385526
- Vendor Reference
- CVE-2025-58724
- CVE Reference
- CVE-2025-58724
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.
Affected versions:
All versions before version 1.56
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions by checking the file version.
On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.
- Consequence
- Successful exploitation of this vulnerability allows an authorized attacker to elevate privileges locally.
- Solution
-
Customers are advised to refer to CVE-2025-58724 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-58724
-
Microsoft PowerShell Elevation of Privilege Vulnerability (CVE-2025-25004)
- Severity
- Critical 4
- Qualys ID
- 385527
- Vendor Reference
- CVE-2025-25004
- CVE Reference
- CVE-2025-25004
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Microsoft PowerShell is a cross-platform task automation solution made up of a command-line shell, a scripting language, and a configuration management framework.
Affected Versions:
PowerShell 7.5 prior to 7.5.4
PowerShell 7.4 prior to 7.4.13
QID Detection Logic: (Authenticated)
The QID detects vulnerable versions of PowerShell by checking the registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
- Consequence
-
A local, authenticated attacker could exploit this vulnerability to create, modify, or delete files in the security context of the "NT AUTHORITY\SYSTEM" account.
- Solution
-
Customers are advised to refer to the following: CVE-2025-25004.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-25004
-
Microsoft Exchange Server Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 50143
- Vendor Reference
- CVE-2025-53782, CVE-2025-59248, CVE-2025-59249
- CVE Reference
- CVE-2025-53782, CVE-2025-59248, CVE-2025-59249
- CVSS Scores
- Base 7.6 / Temporal 5.6
- Description
-
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems.
Affected Software:
Exchange Server 2019
Exchange Server 2016
QID Detection Logic: (Authenticated)
This QID detects vulnerable versions of Microsoft Exchange Server by retrieving the file version of Exsetup.exe.
QID Detection Logic: (Unauthenticated)
This QID sends an HTTP GET request to the "/owa" endpoint to detect vulnerable versions of Microsoft Exchange Server.
- Consequence
-
Successful exploitation of this vulnerability allows an authorized attacker to elevate privileges over a network.
- Solution
-
Customers are advised to refer to CVE-2025-53782, CVE-2025-59248, CVE-2025-59249 for more details pertaining to this update.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
5066366
5066367
5066368
5066369
-
Microsoft Windows Server Security Update for October 2025
- Severity
- Urgent 5
- Qualys ID
- 92311
- Vendor Reference
- KB5065306, KB5065425, KB5065426, KB5065428, KB5065432, KB5065474, KB5066586, KB5066780, KB5066782, KB5066835, KB5066836, KB5066840, KB5066872, KB5066873, KB5066874, KB5066875, KB5066876, KB5066877
- CVE Reference
- CVE-2016-9535, CVE-2025-2884, CVE-2025-24052, CVE-2025-24990, CVE-2025-25004, CVE-2025-47827, CVE-2025-47979, CVE-2025-48004, CVE-2025-48813, CVE-2025-49708, CVE-2025-50152, CVE-2025-50174, CVE-2025-50175, CVE-2025-53139, CVE-2025-53150, CVE-2025-54957, CVE-2025-55325, CVE-2025-55326, CVE-2025-55328, CVE-2025-55330, CVE-2025-55331, CVE-2025-55332, CVE-2025-55333, CVE-2025-55335, CVE-2025-55336, CVE-2025-55337, CVE-2025-55338, CVE-2025-55339, CVE-2025-55340, CVE-2025-55676, CVE-2025-55677, CVE-2025-55678, CVE-2025-55679, CVE-2025-55680, CVE-2025-55681, CVE-2025-55682, CVE-2025-55683, CVE-2025-55684, CVE-2025-55685, CVE-2025-55686, CVE-2025-55687, CVE-2025-55688, CVE-2025-55689, CVE-2025-55690, CVE-2025-55691, CVE-2025-55692, CVE-2025-55693, CVE-2025-55694, CVE-2025-55695, CVE-2025-55696, CVE-2025-55697, CVE-2025-55698, CVE-2025-55699, CVE-2025-55700, CVE-2025-55701, CVE-2025-58714, CVE-2025-58715, CVE-2025-58716, CVE-2025-58717, CVE-2025-58718, CVE-2025-58719, CVE-2025-58720, CVE-2025-58722, CVE-2025-58725, CVE-2025-58726, CVE-2025-58727, CVE-2025-58728, CVE-2025-58729, CVE-2025-58730, CVE-2025-58731, CVE-2025-58732, CVE-2025-58733, CVE-2025-58734, CVE-2025-58735, CVE-2025-58736, CVE-2025-58737, CVE-2025-58738, CVE-2025-58739, CVE-2025-59184, CVE-2025-59185, CVE-2025-59186, CVE-2025-59187, CVE-2025-59188, CVE-2025-59189, CVE-2025-59190, CVE-2025-59191, CVE-2025-59192, CVE-2025-59193, CVE-2025-59194, CVE-2025-59195, CVE-2025-59196, CVE-2025-59197, CVE-2025-59198, CVE-2025-59199, CVE-2025-59200, CVE-2025-59201, CVE-2025-59202, CVE-2025-59203, CVE-2025-59204, CVE-2025-59205, CVE-2025-59206, CVE-2025-59207, CVE-2025-59208, CVE-2025-59209, CVE-2025-59210, CVE-2025-59211, CVE-2025-59214, CVE-2025-59215, CVE-2025-59216, CVE-2025-59220, CVE-2025-59230, CVE-2025-59242, CVE-2025-59244, CVE-2025-59253, CVE-2025-59254, CVE-2025-59255, CVE-2025-59257, CVE-2025-59258, CVE-2025-59259, CVE-2025-59260, CVE-2025-59261, CVE-2025-59275, CVE-2025-59277, CVE-2025-59278, CVE-2025-59280, CVE-2025-59282, CVE-2025-59284, CVE-2025-59294, CVE-2025-59295
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
Microsoft Windows Server Security Update for October 2025
KB5066836
KB5066875
KB5066874
KB5066873
KB5066872
KB5066780
KB5066877
KB5066835
KB5066782
KB5066876
KB5066586
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5066836
KB5066875
KB5066874
KB5066873
KB5066872
KB5066780
KB5066877
KB5066835
KB5066782
KB5066876
KB5066586
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5066780
KB5066782
KB5066835
KB5066836
KB5066840
KB5066872
KB5066873
KB5066874
KB5066875
KB5066876
KB5066877
-
Microsoft Windows Security Update for October 2025
- Severity
- Urgent 5
- Qualys ID
- 92312
- Vendor Reference
- KB5065426, KB5065428, KB5065429, KB5065431, KB5065474, KB5066586, KB5066791, KB5066793, KB5066835, KB5066836, KB5066837
- CVE Reference
- CVE-2016-9535, CVE-2025-2884, CVE-2025-24052, CVE-2025-24990, CVE-2025-25004, CVE-2025-47827, CVE-2025-48004, CVE-2025-48813, CVE-2025-49708, CVE-2025-50152, CVE-2025-50174, CVE-2025-50175, CVE-2025-53139, CVE-2025-53150, CVE-2025-53768, CVE-2025-54957, CVE-2025-55325, CVE-2025-55326, CVE-2025-55328, CVE-2025-55330, CVE-2025-55331, CVE-2025-55332, CVE-2025-55333, CVE-2025-55334, CVE-2025-55335, CVE-2025-55336, CVE-2025-55337, CVE-2025-55338, CVE-2025-55339, CVE-2025-55340, CVE-2025-55676, CVE-2025-55677, CVE-2025-55678, CVE-2025-55679, CVE-2025-55680, CVE-2025-55681, CVE-2025-55682, CVE-2025-55684, CVE-2025-55685, CVE-2025-55686, CVE-2025-55687, CVE-2025-55688, CVE-2025-55689, CVE-2025-55690, CVE-2025-55691, CVE-2025-55692, CVE-2025-55693, CVE-2025-55694, CVE-2025-55695, CVE-2025-55696, CVE-2025-55698, CVE-2025-55699, CVE-2025-55700, CVE-2025-55701, CVE-2025-58714, CVE-2025-58715, CVE-2025-58716, CVE-2025-58717, CVE-2025-58718, CVE-2025-58719, CVE-2025-58720, CVE-2025-58722, CVE-2025-58725, CVE-2025-58726, CVE-2025-58727, CVE-2025-58728, CVE-2025-58729, CVE-2025-58730, CVE-2025-58731, CVE-2025-58732, CVE-2025-58733, CVE-2025-58734, CVE-2025-58735, CVE-2025-58736, CVE-2025-58738, CVE-2025-58739, CVE-2025-59185, CVE-2025-59187, CVE-2025-59189, CVE-2025-59190, CVE-2025-59191, CVE-2025-59192, CVE-2025-59193, CVE-2025-59194, CVE-2025-59195, CVE-2025-59196, CVE-2025-59197, CVE-2025-59198, CVE-2025-59199, CVE-2025-59200, CVE-2025-59201, CVE-2025-59202, CVE-2025-59203, CVE-2025-59204, CVE-2025-59205, CVE-2025-59206, CVE-2025-59207, CVE-2025-59208, CVE-2025-59209, CVE-2025-59210, CVE-2025-59211, CVE-2025-59214, CVE-2025-59215, CVE-2025-59216, CVE-2025-59220, CVE-2025-59230, CVE-2025-59241, CVE-2025-59242, CVE-2025-59244, CVE-2025-59253, CVE-2025-59254, CVE-2025-59255, CVE-2025-59257, CVE-2025-59259, CVE-2025-59261, CVE-2025-59275, CVE-2025-59277, CVE-2025-59278, CVE-2025-59280, CVE-2025-59282, CVE-2025-59284, CVE-2025-59294, CVE-2025-59295
- CVSS Scores
- Base 7.5 / Temporal 5.9
- Description
-
Microsoft Windows Security Update for October 2025
KB5066836
KB5066835
KB5066837
KB5066791
KB5066586
KB5066793
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5066836
KB5066835
KB5066837
KB5066791
KB5066586
KB5066793
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5066586
KB5066791
KB5066793
KB5066835
KB5066836
KB5066837
-
Microsoft ASP.NET Core Security Update for October 2025
- Severity
- Urgent 5
- Qualys ID
- 92313
- Vendor Reference
- CVE-2025-55315
- CVE Reference
- CVE-2025-55315
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft ASP.NET Core Security Update for October 2025
Affected Versions:
Asp.Net Core 2.3 prior to 2.3.6
Asp.Net Core 9.0 prior to 9.0.10
Asp.Net Core 8.0 prior to 8.0.21
QID Detection Logic (Authenticated):
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in '/usr/share/dotnet/shared/Microsoft.NETCore.App/' and '/root/shared/Microsoft.NETCore.App' folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in '/usr/share/dotnet/shared/Microsoft.NETCore.App/' folder.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
CVE-2025-55315
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-55315
-
Microsoft .NET Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 92314
- Vendor Reference
- CVE-2025-55247, CVE-2025-55248
- CVE Reference
- CVE-2025-55247, CVE-2025-55248
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft .NET Security Update for October 2025
Affected Versions:
.Net 8.0 prior to 8.0.21
.Net 9.0 prior to 9.0.10
QID Detection Logic (Authenticated):
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in '/usr/share/dotnet/shared/Microsoft.NETCore.App/' and '/root/shared/Microsoft.NETCore.App' folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in '/usr/share/dotnet/shared/Microsoft.NETCore.App/' folder.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
CVE-2025-55248
CVE-2025-55247
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-55247
CVE-2025-55248
-
Microsoft Visual Studio Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 92315
- Vendor Reference
- CVE-2025-54132, CVE-2025-55240, CVE-2025-55248, CVE-2025-55315
- CVE Reference
- CVE-2025-54132, CVE-2025-55240, CVE-2025-55248, CVE-2025-55315
- CVSS Scores
- Base 5.4 / Temporal 4.3
- Description
-
Microsoft Visual Studio Security Update for October 2025
Affected Versions:
Microsoft Visual Studio 2022 Version 17.14 prior to 17.14.17
Microsoft Visual Studio 2022 Version 17.10 prior to 17.10.20
Microsoft Visual Studio 2022 Version 17.12 prior to 17.12.13
Microsoft Visual Studio 2019 Version 16.11 (Includes 16.0 - 16.10) prior to 16.11.52
Microsoft Visual Studio 2017 Version 15.9 (Includes 15.0 - 15.8) prior to 15.9.77
QID Detection Logic (Authenticated):
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key 'HKLM\SOFTWARE\Microsoft' and the file version of 'devenv.exe' to determine the Visual Studio version.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
CVE-2025-55315
CVE-2025-54132
CVE-2025-55248
CVE-2025-55240
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-54132
CVE-2025-55240
CVE-2025-55248
CVE-2025-55315
-
Microsoft Azure Connected Machine Agent Elevation of Privilege Vulnerability for October 2025
- Severity
- Critical 4
- Qualys ID
- 92316
- Vendor Reference
- CVE-2025-47989
- CVE Reference
- CVE-2025-47989
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Azure Connected Machine agent enables you to manage your Windows and Linux machines hosted outside of Azure on your corporate network or other cloud providers.
Affected versions:
All versions before version 1.57
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions by checking the file version.
On Linux, this QID detects vulnerable versions by checking the Azure Arc-enabled version present in "/usr/share/dotnet/shared/Azure Arc-enabled/" and "/root/shared/Azure Arc-enabled" folders.
- Consequence
- Successful exploitation of this vulnerability allows an authorized attacker to elevate privileges locally.
- Solution
-
Customers are advised to refer to CVE-2025-47989 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-47989
-
Microsoft .NET Framework Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 92317
- Vendor Reference
- CVE-2025-55248
- CVE Reference
- CVE-2025-55248
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
A Remote Code Execution (RCE) Vulnerability exists in Microsoft .NET Framework.
The following KBs are covered in this detection:
5066740
5066742
5066128
5066739
5066741
5066131
5066129
5066133
5066747
5066746
5066743
5066836
5066738
5066136
This security update is rated Important for supported versions of Microsoft .NET Framework.
.NET Framework 2.0, 3.0, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1
QID Detection Logic (Authenticated):
Checks for a vulnerable file version of ntoskrnl.exe, Mscorlib.dll, System.dll, or System.web.dll for the respective .NET Framework KBs.
- Consequence
-
A vulnerable .NET Framework version may be prone to Information Disclosure.
- Solution
-
Customers are advised to refer to the Article(s): CVE-2025-55248 for more information regarding this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-55248
-
Microsoft Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability for October 2025
- Severity
- Serious 3
- Qualys ID
- 92318
- Vendor Reference
- CVE-2025-53717
- CVE Reference
- CVE-2025-53717
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
Affected version
It impacts Windows 11 Security updates under KB5066793
KB5066835
- Consequence
- Successful exploitation allows an authorized attacker to elevate privileges locally.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5066793
KB5066835
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-53717
-
Microsoft Remote Desktop Client Security Update for October 2025
- Severity
- Critical 4
- Qualys ID
- 92319
- Vendor Reference
- CVE-2025-58718
- CVE Reference
- CVE-2025-58718
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
The Remote Desktop client for Windows Desktop is used to access Windows apps and desktops remotely from a different Windows device.
Affected Versions:
Remote Desktop client prior to 1.2.6599.0
QID Detection Logic: (Authenticated)
This QID checks for a vulnerable Remote Desktop client by checking the file version of "msrdc.exe".
- Consequence
- Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- Solution
-
Customers are advised to refer to the Microsoft Advisory for this vulnerability: CVE-2025-58718.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-58718
-
Microsoft Defender for Linux Denial of Service Vulnerability (October 2025)
- Severity
- Critical 4
- Qualys ID
- 92321
- Vendor Reference
- Microsoft Defender for Endpoint for Linux
- CVE Reference
- CVE-2025-59497
- CVSS Scores
- Base 6 / Temporal 4.4
- Description
-
Microsoft Defender for Linux is affected by a denial of service vulnerability, tracked as CVE-2025-59497. An authenticated local attacker can exploit a time-of-check time-of-use (TOCTOU) race condition to trigger a denial of service (DoS) on the affected Linux system.
Affected Versions:
Microsoft Defender for Endpoint for Linux versions prior to v101.25032.0010
QID Detection Logic:
This authenticated QID detects vulnerable software versions by running the "mdatp version" command to detect vulnerable endpoints.
- Consequence
-
Successful exploitation of this vulnerability could allow a local authenticated attacker to trigger a denial of service, causing Microsoft Defender for Linux to stop functioning. This may lead to loss of security monitoring, increased risk of undetected threats, and reduced protection against malware or attacks on the affected system.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-59497 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-59497
These new vulnerability checks are included in Qualys vulnerability signature 2.6.443-5. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
- Enable the following Qualys IDs:
- 110508
- 110509
- 385525
- 385526
- 385527
- 50143
- 92311
- 92312
- 92313
- 92314
- 92315
- 92316
- 92317
- 92318
- 92319
- 92321
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.