好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得通读整篇文章,抓住主要信息。 文章主要讲的是微软在2025年的Patch Tuesday更新中修复了超过1100个CVE漏洞,其中包括40个零日漏洞。这些漏洞按类型分类,其中EoP(权限提升)占了38.3%,RCE(远程代码执行)占30.8%。此外,有24个零日漏洞被野外利用。 接下来,我需要将这些信息浓缩到100字以内。要确保包含关键数据:CVE数量、零日漏洞数量、主要漏洞类型及其百分比,以及被利用的零日数量。 可能的结构是:微软修复了1130个CVE,其中41个是零日漏洞,24个被利用。EoP和RCE是主要类型。这样既简洁又全面。 最后检查一下字数是否符合要求,并确保没有使用“文章内容总结”之类的开头。 </think> 微软在2025年的Patch Tuesday更新中修复了1,130个CVE漏洞,包括41个零日漏洞(其中24个被野外利用)。权限提升(EoP)和远程代码执行(RCE)是主要漏洞类型。 2025-12-10 20:49:16 Author: www.tenable.com(查看原文) 阅读量:12 收藏
December 10, 2025
5 Min Read
Microsoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities.
Key takeaways:
- Microsoft's 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000.
- Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in 2025, followed by Remote Code Execution flaws at 30.8%.
- 41 zero-day vulnerabilities were addressed across all Patch Tuesday releases in 2025, including 24 that were exploited in the wild.
Background
Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its 22nd anniversary. The Tenable Research Special Operations Team (RSO) first covered the 20th anniversary in 2023, followed by our 2024 year in review publication, covering the trends and significant vulnerabilities from the 2024 Patch Tuesday releases.
Analysis
In 2025, Microsoft patched 1,130 CVEs throughout the year across a number of products. This was a 12% increase compared to 2024, when Microsoft patched 1,009 CVEs. With another year of Patch Tuesday releases behind us, Microsoft has yet to break its 2020 record with 1,245 CVE’s patched. However, this is the second year in a row that Microsoft crossed the 1,000 CVE threshold, and the third time since Patch Tuesday’s inception.
In 2025, Microsoft broke its record for the most CVEs patched in a month twice. The year started off with the largest Patch Tuesday release with 157 CVEs patched. This record was broken again in October with 167 CVEs patched.
Patch Tuesday 2025 by severity
Each month, Microsoft categorizes vulnerabilities into four main severity levels: low, moderate, important and critical.
Over the last three years, the bulk of the Patch Tuesday vulnerabilities continue to be rated as important. In 2025, 91.3% of all CVEs patched were rated important, followed by critical at 8.1%. Moderate accounted for 0.4%, while there were no CVEs rated as low in 2025.
Patch Tuesday 2025 by impact
In addition to severity levels, Microsoft also categorizes vulnerabilities by seven impact levels: remote code execution (RCE), elevation of privilege (EoP), denial of service (DoS), information disclosure, spoofing, security feature bypass and tampering.
In 2024, RCE vulnerabilities led the impact category, however 2025 saw EoP vulnerabilities taking the lead with 38.3% of all Patch Tuesday vulnerabilities. RCE accounted for 30.8%, followed by information disclosure flaws at 14.2% and DoS vulnerabilities at 7.7%. In a strange coincidence, this year there were only 4 CVEs categorized as tampering, which was the same in 2024. In both 2024 and 2025, tampering flaws accounted for only 0.4%.
Patch Tuesday 2025 zero-day vulnerabilities
In 2025, Microsoft patched 41 CVEs that were identified as zero-day vulnerabilities. Of the 41 CVEs, 24 were exploited in the wild. While not all zero-days were exploited, we classify zero-days as those vulnerabilities that were disclosed prior to being patched by the vendor.
Looking deeper at the 24 CVEs that were exploited in the wild, 62.5% were EoP flaws. EoP vulnerabilities are often leveraged by advanced persistent threat (APT) actors and determined cybercriminals seeking to elevate privileges as part of post-compromise activity. Following EoP flaws, RCEs were the second most prominent vulnerabilities across Patch Tuesday, accounting for 20.8% of zero-day flaws.
While only a small number of zero-days were addressed as part of 2025’s Patch Tuesday releases, we took a deeper dive into some of the more notable zero-days from the year. The table below includes these CVEs along with details on their exploitation activity.
| CVE | Description | Exploitation Activity |
|---|---|---|
| CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | Used with the PipeMagic backdoor to spread ransomware. |
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Exploited by Storm-2460, also known as RansomEXX. Abused by the PipeMagic backdoor in order to spread ransomware. |
| CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability | Exploited by Water Gamayu (aka EncryptHub, Larva-208) to deploy the MSC EvilTwin trojan loader. The attack campaigns also saw several malware variants abused, including EncryptHub stealer, DarkWisp backdoor, SilentPrism backdoor, Stealc and the Rhadamanthys stealer. |
| CVE-2025-33053 | Internet Shortcut Files Remote Code Execution Vulnerability | Exploited by the APT known as Stealth Falcon (aka FruityArmor, G0038) to deploy Horus Agent malware. |
| CVE-2025-49704 | Microsoft SharePoint Remote Code Execution Vulnerability | Exploited by multiple APTs and nation-state actors including Linen Typhoon (aka Emissary Panda), Violet Typhoon, Storm-2603 and Warlock ransomware (aka GOLD SALEM). Chained with CVE-2025-49706 in an attack dubbed ToolShell. |
| CVE-2025-49706 | Microsoft SharePoint Server Spoofing Vulnerability | Exploited by multiple APTs and nation-state actors including Linen Typhoon (aka Emissary Panda), Violet Typhoon, Storm-2603 and Warlock ransomware (aka GOLD SALEM). Chained with CVE-2025-49704 in an attack dubbed ToolShell. |
Conclusion
With 2025’s Patch Tuesday releases in our rear-view mirror, it’s evident that we continue to see an upward trend in the number of vulnerabilities addressed year over year by Microsoft. With the lion's share of the market for operating systems, it’s imperative that defenders are quick to apply patches on the monthly release of Patch Tuesday updates. Attackers are often opportunistic and ready to capitalize on the latest exploitable vulnerabilities. As always, the RSO team will continue our monthly cadence of Patch Tuesday blogs, ensuring our readers have the actionable information necessary to take immediate action and improve their organization's security posture.
Get more information
- Tenable Blog: Microsoft Patch Tuesday 2024 Year in Review
- Tenable Blog: Microsoft Patch Tuesday 2023 Year in Review
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Research Special Operations
The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
- Exposure Management
- Vulnerability Management
Cybersecurity news you can use
Enter your email and never miss timely alerts and security guidance from the experts at Tenable.
如有侵权请联系:admin#unsafe.sh