Important Notice: Security vulnerabilities of Microsoft (updated at 15 October 2026)
關於 Microsoft 的安全漏洞通告 (更新於 2025年10月15日)
資訊安全警示 Information Security Alert
To: All Users
As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its October security update notice, there are 193 vulnerability updates this time.
The updates this time mainly cover the following components: Windows NTFS, Windows Cloud Files Mini Filter Driver, Windows NTLM, Windows Remote Desktop Protocol, Windows Remote Desktop Services, Windows Local Session Manager (LSM) products vulnerabilities.
Details of the vulnerabilities:
- Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230
- IGEL OS 11 Secure Boot Bypass Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827
- Windows Agere Modem Driver Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990
- Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287
- Azure Entra ID Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59246
- Microsoft Office Remote Code Execution Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59227
- Windows Kernel Elevation of Privilege Vulnerability
For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59194
For more details about Microsoft October Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2025-oct
If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible.
Reference
- How to download and install software in a secure manner?
- Basic Knowledge of Online Safety and Security
- Other Information Security Tips
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
各位用戶:
資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Microsoft 近日發布了 10月安全更新通告,此次包含了 193個漏洞更新。
此次釋出的更新主要涵蓋了以下組件: Windows NTFS, Windows Cloud Files Mini Filter Driver, Windows NTLM, Windows Remote Desktop Protocol, Windows Remote Desktop Services, Windows Local Session Manager (LSM) 等產品的漏洞。
漏洞詳情:
- Windows 遠端存取連線管理員許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230
- IGEL OS 11 安全引導繞過漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827
- Windows Agere Modem Driver 許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990
- Windows 伺服器更新服務 (WSUS) 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287
- Azure Entra ID 許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59246
- Microsoft Office 遠端代碼執行漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59227
- Windows 內核許可權提升漏洞
有關詳情可參考:https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59194
Microsoft 10月更新有關詳情可參考:https://msrc.microsoft.com/update-guide/releaseNote/2025-oct
倘有使用相關受影響產品,須盡快安裝由微軟公司釋出的安全更新。
參考資料
如有任何疑問,請聯絡資訊及通訊科技部服務中心。
服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo
資訊及通訊科技部