The remote Windows host is missing security update 5066836. It is, therefore, affected by multiple vulnerabilities

  - tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in     debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with     subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

  - In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies     a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified     SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5066836: Windows 10 Version 1607 / Windows Server 2016 Security Update (October 2025)

critical Nessus Plugin ID 270384

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.7 Oct 31, 2025, 8:07 PM CISA reference Plugin Feed: 202510312007
Version 1.6 Oct 30, 2025, 11:01 PM Logic Changes (removed CVE from defective MS patches, added EXE checking to avoid systems with removed wsus roles) Plugin Feed: 202510302301
Version 1.5 Oct 25, 2025, 9:33 PM CISA reference Plugin Feed: 202510252133
Version 1.4 Oct 25, 2025, 5:08 AM CISA reference CVSSv3 score source (changed from "CVE-2025-59287" to none) Plugin Feed: 202510250508
Version 1.3 Oct 17, 2025, 4:06 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202510171606
Version 1.2 Oct 15, 2025, 4:14 PM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2025-59287") Plugin Feed: 202510151614
Version 1.1 Oct 14, 2025, 11:43 PM New Plugin Feed: 202510142343