check before: 2025-10-24
Product:
Windows, Windows Server
Platform:
Online, World tenant
Status:
Change type:
Admin impact
Links:
Details:
IMPORTANT: This notice is only relevant for environments where:
Scan Cab is used to check for update compliance.
The October 2025 Scan Cab was deployed before 8:54 pm PT on October 24, 2025.
An updated version of the October 2025 Scan Cab was made available at 8:54 pm PT on October 24, 2025. This Scan Cab includes new metadata corresponding to new updates for the following versions of Windows Server:
Windows Server 2025 (KB5070762; KB5070881)
Windows Server, version 23H2 (KB5070879)
Windows Server 2022 (KB5070884)
Azure Automanage for Windows Server 2022 with Hotpatch (KB5070892)
Windows Server 2019 (KB5070883)
Windows Server 2016 (KB5070882)
Windows Server 2012 R2 (KB5070886)
Windows Server 2012 (KB5070887)
The new Microsoft updates include an out-of-band update, released October 20, 2025, to fix an issue in the Windows Recovery Environment (WinRE), and out-of-band updates, released October 23-24, 2025, that include additional protections to address CVE-2025-59287. Windows servers that do not have the WSUS server role enabled are not affected by this vulnerability. See the additional information section of this message for details.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-10-25
updated:
2025-10-25
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Risk of Vulnerability
If the updated Scan Cab is not deployed, systems may remain vulnerable to CVE-2025-59287, leading to potential remote code execution risks.
- roles: IT Administrator, Security Officer
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287, https://support.microsoft.com/topic/kb5070762-safe-os-dynamic-out-of-band-update-for-windows-11-version-24h2-and-25h2-and-windows-server-2025-october-20-2025-b92451e7-99c1-4ef8-ad12-b3f6bf381d8d
Update Compliance Issues
Failure to re-deploy the updated Scan Cab may result in inaccurate update compliance assessments, affecting system management and user experience.
- roles: IT Administrator, System Analyst
- references: https://learn.microsoft.com/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site, https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-a-smaller-wsus-scan-cab/ba-p/2928256?msclkid=256145ccd0c011ec9266b53af8d0aca1
Configutation Options**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 5 months ago ago
