RadioCSIRT — Patch Tuesday octobre 2025 (Ép.456)

from RadioCSIRT - Edition Française · host Marc Frédéric GOMEZ

Bienvenue dans votre bulletin spécial Patch Tuesday d’octobre 2025 ⚡️🧩 Microsoft — 172 vulnérabilités corrigées, 6 zero-daysLe Patch Tuesday d’octobre corrige 172 failles, dont 6 zero-days et 8 vulnérabilités critiques.Fin de support pour Windows 10, remplacé par le programme Extended Security Updates (ESU).Les zero-days exploitées sont :CVE-2025-24990 — Agere Modem Driver, élévation de privilèges, pilote supprimé du système. Attribution : Fabian Mosch et Jordan Jay.CVE-2025-59230 — Windows Remote Access Connection Manager, élévation de privilèges locale, exploitation active. Attribution : MSTIC et MSRC.CVE-2025-47827 — Secure Boot bypass dans IGEL OS avant la version 11, découverte par Zack Didcott.Les zero-days divulguées publiquement :CVE-2025-0033 — AMD EPYC SEV-SNP, corruption RMP lors de l’initialisation. Chercheurs : Benedict Schlueter, Supraja Sridhara, Shweta Shinde (ETH Zurich).CVE-2025-24052 — Variante de la faille Agere Modem, exploitable même sans modem actif.CVE-2025-2884 — TCG TPM 2.0, lecture hors limites, risque de divulgation d’informations. Attribution : Trusted Computing Group et chercheur anonyme. 🚨 CVE-2025-59287 — Windows Server Update Services (WSUS)Faille critique d’exécution de code à distance, score CVSS 9.8.Vecteur réseau, aucune authentification requise. Microsoft qualifie l’exploitation comme « plus probable ».📄 Microsoft Office et composants associésPlusieurs vulnérabilités RCE via le Preview Pane (CVE-2025-59227, CVE-2025-59234).Correctifs aussi pour Azure, Entra ID, Copilot, Kernel, BitLocker, Exchange, SharePoint, .NET et Visual Studio.🔧 Autres éditeurs — Mises à jour d’octobre 2025Adobe : correctifs multiples. Cisco : IOS, UCM, Cyber Vision Center.Draytek : RCE pré-auth sur routeurs Vigor.Gladinet : zero-day CentreStack activement exploitée.Ivanti : correctifs pour EPMM et Neurons for MDM.Oracle : deux zero-days dans E-Business Suite.Redis : RCE de sévérité maximale.SAP : faille critique d’exécution de commande dans NetWeaver.Synacor : zero-day dans Zimbra Collaboration Suite exploitée pour vol de données.🧭 Cycle de vie MicrosoftDerniers correctifs gratuits pour Windows 10, Office 2016/2019, Exchange 2016/2019.Remplacement d’Exchange Server par Exchange Server Subscription Edition.⚡️ On ne réfléchit pas, on patch !📚 Sources :https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/https://www.rapid7.com/blog/post/em-patch-tuesday-october-2025/📞 Partagez vos retours :📱 07 68 72 20 09📧 [email protected]🌐 https://www.radiocsirt.org📰 https://radiocsirt.substack.com#CyberSécurité #PatchTuesday #Microsoft #CERT #CVE #ZeroDay #Windows10 #WSUS #Office #Azure #Exchange #TPM #AMD #RCE #Update #RadioCSIRT

NOW PLAYING

0:00 7:56

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

S24 E223: The 'Big Boy' Is Coming to Town

Jun 1, 2026 ·57m

S24 E222: Hancock Co. Commissioners Hitting the Road

May 29, 2026 ·60m

S24 E221: Buy Now, Pay Later for Small Business

May 28, 2026 ·53m

S24 E220: At Long Last, Today's the Day for the Children's Museum

May 27, 2026 ·57m

S24 E219: The State of Education in America

May 26, 2026 ·61m

When Agents Have Wallets, Trust Is Currency

May 21, 2026 ·51m

Similar Podcasts

Paris o'clock Aurélie Moureaux Le podcast qui parle de culture française en français facile RajCast Northwest Foundation For ACIM Follow along as Raj, channeled by Paul Tuttle, reads from and comments on the original version of A Course In Miracles (Sparkly Edition). Let's Stay Out (Zenith Edition) Let Em Riot Written by: Let Em RiotProduced, Mixed and Mastered by: Zenith Sounds Invisible Machines podcast by UX Magazine Invisible Machines "The enemy of nonsense in AI" | The #1 podcast about agentic AIJoin great conversations with experts about the intersections between AI, product design, technology and business.The bestselling authors of Age Of Invisible Machines are joined by other luminaries to continue the conversations that began in their book—the first bestseller about agentic AI. With a newly revised and updated Second Edition that hit the shelves in spring of 2025, Robb Wilson (CEO and Co-Founder of OneReach.ai) and Josh Tyson expand their explorations of disruptive technology with fellow AI insiders, experts, and luminaries working in adjacent realms.

Frequently Asked Questions

How long is this episode of RadioCSIRT - Edition Française?

This episode is 7 minutes long.

When was this RadioCSIRT - Edition Française episode published?

This episode was published on October 17, 2025.

What is this episode about?

Can I download this RadioCSIRT - Edition Française episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!