Microsoft has released this month’s Patch Tuesday updates, delivering fixes for 172 security vulnerabilities across its products, including six zero-day flaws that were publicly disclosed or actively exploited before patches became available.
This month’s update also includes eight “Critical” vulnerabilities, five of which could allow remote code execution and three that enable privilege escalation. The breakdown looks like this:
80 Elevation of Privilege vulnerabilities
11 Security Feature Bypass vulnerabilities
31 Remote Code Execution vulnerabilities
28 Information Disclosure vulnerabilities
11 Denial of Service vulnerabilities
10 Spoofing vulnerabilities
As always, these figures reflect the updates released on Patch Tuesday itself and do not include earlier fixes for Azure, Microsoft Edge, or other Microsoft products issued throughout the month.
Among the most urgent fixes this month are six zero-day vulnerabilities, several of which have already been exploited in the wild:
Windows Agere Modem Driver (CVE-2025-24990 & CVE-2025-24052)
A long-standing issue in the Agere Modem driver has been actively exploited to gain administrative privileges. Microsoft has now removed the vulnerable driver entirely, warning that related fax modem hardware will no longer function after patching.
Windows Remote Access Connection Manager (CVE-2025-59230)
A privilege escalation flaw allowed attackers to gain SYSTEM-level control through improper access controls. Exploitation requires some effort but could result in full local compromise if successful.
IGEL OS Secure Boot Bypass (CVE-2025-47827)
A Secure Boot issue in IGEL OS allowed attackers to mount unverified filesystems and bypass security controls. Microsoft has included updated protections in this month’s cumulative patches.
AMD EPYC Processors (CVE-2025-0033)
This vulnerability affects AMD EPYC processors running in Azure environments, potentially allowing a malicious hypervisor to modify protected memory. While it does not expose plaintext data, Microsoft is continuing to roll out mitigations for Azure Confidential Computing clusters.
Trusted Platform Module 2.0 (CVE-2025-2884)
An out-of-bounds read flaw in the TCG TPM 2.0 reference implementation could lead to information disclosure or denial of service. This has now been resolved in the October updates.
October’s release is particularly notable as it marks the final Patch Tuesday providing free security updates for Windows 10. Moving forward, businesses and individuals will need to enrol in Microsoft’s Extended Security Updates (ESU) programme to continue receiving protection, available for one year for consumers and up to three years for enterprise customers.
Several other vendors released notable security updates this month, including:
Adobe – fixes for multiple product vulnerabilities.
Cisco – patches for IOS, Unified Communications Manager, and Cyber Vision Center.
DrayTek – update for a pre-auth remote code execution flaw affecting Vigor routers.
Gladinet – warning customers of an active CentreStack zero-day exploitation.
Ivanti – patches for Endpoint Manager Mobile (EPMM) and Neurons for MDM.
Oracle – emergency fixes for two actively exploited E-Business Suite zero-days.
Redis – update for a maximum-severity remote code execution vulnerability.
SAP – fixes for multiple products, including a critical command execution flaw in NetWeaver.
Synacor – update for a Zimbra Collaboration Suite zero-day used in data theft campaigns.
With over 170 vulnerabilities patched, this update highlights the continued complexity and scale of threats facing Windows environments. The removal of long-standing drivers, fixes to privilege escalation paths, and Secure Boot updates all point to attackers increasingly exploiting deep system components.
Organisations should prioritise deployment of these patches, especially the six zero-days, and review any extended support requirements if still operating on Windows 10. As always, test updates in controlled environments before full rollout to minimise disruption.
The full list of vulnerabilities resolved in Microsoft’s October 2025 Patch Tuesday can be found in Microsoft’s official release notes.