一、漏洞簡述
微軟釋出 10 月份產品安全性更新,本次共修補 196 個漏洞,涵蓋 .NET、Windows、Exchange、Edge、Azure、多項核心元件與系統服務。
由於受影響範圍極廣,若未及時更新,可能導致身分提升、遠端程式碼執行(RCE)、資訊洩漏、權限繞過等風險,建議各機關與單位儘速確認版本並完成修補。
二、設備/版本影響
受影響平台包含(依原文保留):
-
.NET
-
.NET, .NET Framework, Visual Studio
-
AMD Restricted Memory Page
-
ASP.NET Core
-
Active Directory Federation Services
-
Agere Windows Modem Driver
-
Azure Connected Machine Agent
-
Azure Entra ID
-
Azure Local
-
Azure Monitor
-
Azure Monitor Agent
-
Azure PlayFab
-
Confidential Azure Container Instances
-
Connected Devices Platform Service (Cdpsvc)
-
Copilot
-
Data Sharing Service Client
-
Games
-
GitHub
-
Inbox COM Objects
-
Internet Explorer
-
JDBC Driver for SQL Server
-
Microsoft Brokering File System
-
Microsoft Configuration Manager
-
Microsoft Defender for Linux
-
Microsoft Edge (Chromium-based)
-
Microsoft Exchange Server
-
Microsoft Failover Cluster Virtual Driver
-
Microsoft Graphics Component
-
Microsoft Office(含 Excel、PowerPoint、SharePoint、Visio、Word)
-
Microsoft PowerShell
-
Microsoft Windows(含大量模組)
-
Remote Desktop Client
-
SQL 相關元件
-
Windows 核心、通訊協定、認證、檔案系統、驅動程式、藍牙、WinSock、NTLM、Explorer、Shell…等
-
Xbox 與 Xbox Gaming Services
三、建議處置
目前微軟官方已針對弱點釋出修復版本,請各機關可聯絡系統維護廠商或參考以下連結:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct
四、相關連結
參考資料:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct