MC1179337 – M365 Change Digest

One-line summary

Admins using Scan Cab before Oct 24, 2025, 8:54pm PT must re-acquire and redeploy it to ensure update compliance and address CVE-2025-59287 in Windows Server environments.

Similar updates

Details

Body (from Message Center)

IMPORTANT: This notice is only relevant for environments where:

Scan Cab is used to check for update compliance.
The October 2025 Scan Cab was deployed before 8:54 pm PT on October 24, 2025.

An updated version of the October 2025 Scan Cab was made available at 8:54 pm PT on October 24, 2025. This Scan Cab includes new metadata corresponding to new updates for the following versions of Windows Server:

Windows Server 2025 (KB5070762; KB5070881)
Windows Server, version 23H2 (KB5070879)
Windows Server 2022 (KB5070884)
Azure Automanage for Windows Server 2022 with Hotpatch (KB5070892)
Windows Server 2019 (KB5070883)
Windows Server 2016 (KB5070882)
Windows Server 2012 R2 (KB5070886)
Windows Server 2012 (KB5070887)

The new Microsoft updates include an out-of-band update, released October 20, 2025, to fix an issue in the Windows Recovery Environment (WinRE), and out-of-band updates, released October 23-24, 2025, that include additional protections to address CVE-2025-59287. Windows servers that do not have the WSUS server role enabled are not affected by this vulnerability. See the additional information section of this message for details.

How this affects your organization:

IT administrators who downloaded the Scan Cab before 8:54 pm PT on October 24, 2025, should re-acquire and re-deploy their Scan Cab if it is used to assess updates for environments where Windows Server is installed and the WSUS server role is enabled.

No action is required on environments where Scan Cab is not employed. However, please note that there might be non-Microsoft applications which utilize Scan Cab. Review the documentation for any software and update deployment tools which might be in use for your organization to understand if this is applicable in your environment.

What you need to do to prepare:

Administrators can re-deploy the updated Scan Cab via their usual processes. For detailed guidance, see the Additional information section below.

Additional information:

Updated Scan Cab: Download the new Scan Cab here
CVE-2025-59287: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Announcing a smaller WSUS Scan Cab - Microsoft Tech Community: Learn more about WSUS and the Scan Cab process
Using WUA to Scan for Updates Offline - Win32 apps | Microsoft Docs: Windows Update Agent (WUA) can be used to scan computers for security updates without connecting to Windows Update
WSUS and the Catalog Site | Microsoft Docs: The Catalog Site used by WSUS to import updates and drivers

Raw JSON (for debugging)

Expand/collapse the full payload below.

Show/hide raw

{
  "snapshot_item": {
    "action_required_by": null,
    "ai_action_required_by": null,
    "ai_actions": [
      "Re-acquire updated Scan Cab",
      "Redeploy Scan Cab in affected environments",
      "Review update deployment tools for Scan Cab usage"
    ],
    "ai_master_tags": [
      "Security"
    ],
    "ai_model": "gpt-4.1",
    "ai_summary": "Admins using Scan Cab before Oct 24, 2025, 8:54pm PT must re-acquire and redeploy it to ensure update compliance and address CVE-2025-59287 in Windows Server environments.",
    "ai_topics": [
      "Windows",
      "Windows Server"
    ],
    "category": "preventOrFixIssue",
    "details_map": {},
    "id": "MC1179337",
    "importance": 5,
    "is_major_change": false,
    "last_modified": "2025-10-25T04:01:59Z",
    "ms_products": [
      "Windows"
    ],
    "platforms": null,
    "roadmap_ids": [],
    "services": [
      "Windows"
    ],
    "severity": "normal",
    "tags": [
      "Admin impact"
    ],
    "title": "An updated version of the October 2025 Scan Cab is available"
  }
}