October 1, 2025 Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.
Yesterday my Windows 11 automatically update to 25H2 version. Well, I don't see the AI option in the context menu, and i'm not able to understand the reason.
CVEs have been published or revised in the Security Update Guide October 3, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-59489 · Title: MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 3, 2025 · Last updated: October 3, 2025 · Aggregate CVE severity rating: Customer action required: Yes
CVEs have been published or revised in the Security Update Guide October 7, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-59489 · Title: MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability · Version: 2.0 · Reason for revision: Updated the build numbers. This is an informational update only. · Originally released: October 3, 2025 · Last updated: October 7, 2025 · Aggregate CVE severity rating: Customer action required: Yes
October 7, 2025 Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.
CVEs have been published or revised in the Security Update Guide October 9, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-55321 · Title: Azure Monitor Log Analytics Spoofing Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59218 · Title: Azure Entra ID Elevation of Privilege Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59246 · Title: Azure Entra ID Elevation of Privilege Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59247 · Title: Azure PlayFab Elevation of Privilege Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59252 · Title: M365 Copilot Spoofing Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59271 · Title: Redis Enterprise Elevation of Privilege Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59272 · Title: Copilot Spoofing Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical · Customer action required: No CVE-2025-59286 · Title: Copilot Spoofing Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: October 9, 2025 · Last updated: October 9, 2025 · Aggregate CVE severity rating: Critical Customer action required: No
CVEs have been published or revised in the Security Update Guide October 15, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2024-30098 Title: Windows Cryptographic Services Security Feature Bypass Vulnerability Version: 2.1 Reason for revision: Updated links to security updates. This is an informational change only. Originally released: July 9, 2024 Last updated: March 26, 2025 Aggregate CVE severity rating: Important Customer action required: Yes CVE-2024-30098 Title: Windows Cryptographic Services Security Feature Bypass Vulnerability Version: 3.0 Reason for revision: The following updates have been made to CVE-2024-30098: 1. In the Security Updates table, added all supported versions Windows 11 25H2 as they are affected by the vulnerability. 2. To enable the fix by default, Microsoft has released October 2025 security updates for all affected versions of Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2022 23H2 Edition, Windows 10, and Windows 11. 3. Updated the "Are there any further actions I need to take to be protected from this vulnerability?" FAQ to state that starting with the October 2025 security updates, the fix will be enabled by default (DisableCapiOverrideForRSA set to 1) and the KSP will be used for RSA based certificates in the Smart Card Certificate Propagation service. If you discover applications relying on the old behavior, the DisableCapiOverrideForRSA registry key can be set back to 0 to switch back to auditing mode. The DisableCapiOverrideForRSA registry key will be removed in April 2026. See the FAQ section of this CVE for more information. Originally released: July 9, 2024 Last updated: October 14, 2025 Aggregate CVE severity rating: Important Customer action required: Yes CVE-2025-50173 Title: Windows Installer Elevation of Privilege Vulnerability Version: 2.0 Reason for revision: In the Security Update table, added Multimedia Redirection Installer as it is also affected by this vulnerability. Microsoft recommends that customers using Multimedia Redirection Installer install the update to be fully protected from the vulnerability. Originally released: August 12, 2025 Last updated: October 14, 2025 Aggregate CVE severity rating: Important Customer action required: Yes
October 14, 2025 Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.
October 20, 2025—KB5070773 (OS Builds 26200.6901 and 26100.6901) Out-of-band Applies To: Windows 11 version 25H2, all editions Windows 11 version 24H2, all editions https://support.microsoft.com/en-us...-of-band-0f533ed7-949a-4b89-8d0f-6ee751adfcd4 -------- Microsoft outs KB5070773 emergency Windows 11 update to fix unusable USB keyboard mouse bug https://www.neowin.net/news/microso...pdate-to-fix-unusable-usb-keyboard-mouse-bug/
October 21, 2025 Microsoft is aware of the recent Chromium security fixes. We are actively working on releasing a security fix.
CVEs have been published or revised in the Security Update Guide October 23, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-55315 Title: ASP.NET Security Feature Bypass Vulnerability Version: 1.1 Reason for revision: Added an FAQ to explain the disparity between the Important severity, the exploitability assessment of "less likely to be exploited", and the high CVSS3.1 score of 9.9 out of 10. Originally released: October 14, 2025 Last updated: October 22, 2025 Aggregate CVE severity rating: Important Customer action required: Yes CVE-2025-59287 Title: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Version: 2.0 Reason for revision: To comprehensively address CVE-2025-59287, Microsoft has released an out of band security update for the following supported versions of Windows Server: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), and Windows Server 2025. Note that a reboot will be required after you install the updates. Originally released: October 14, 2025 Last updated: October 23, 2025 Aggregate CVE severity rating: Critical Customer action required: Yes
Is it safe yet to do October's update yet? I've read so many bork stories about October's update. Using W11P 24H2. And hopefully after a successful October update is it safe to upgrade to 25H2?
