Microsoft’s October 2025 Patch Tuesday: 172 Vulnerabilities Fixed

Microsoft’s October 2025 Patch Tuesday is here, addressing a massive 172 security flaws across its products. Among them are six zero-day vulnerabilities, with three already being actively exploited in the wild, and eight rated as Critical — including five remote code execution (RCE) and three elevation of privilege (EoP) bugs.

Vulnerability Breakdown

Here’s the detailed breakdown of this month’s security issues:

• 80 – Elevation of Privilege
• 11 – Security Feature Bypass
• 31 – Remote Code Execution
• 28 – Information Disclosure
• 11 – Denial of Service
• 10 – Spoofing

Note: Only vulnerabilities released today are included. Fixes for Azure, Mariner, Microsoft Edge, and other products rolled out earlier in October are not part of this count.

End of an Era: Windows 10 Reaches End of Support

This month marks a major milestone —Windows 10 has officially reached its end of support. October 2025 is the final month for free security updates.

What next?

• Consumers: Can subscribe to Extended Security Updates (ESU) for one additional year.
• Enterprises: Can extend updates for up to three years.

For non-security updates, check Microsoft’s documentation for:

• Windows 11 KB5066835
• Windows 11 KB5066793

Six Zero-Day Vulnerabilities Fixed

Microsoft classifies a zero-day as a flaw that’s either publicly disclosed or actively exploited before a patch is available. This month’s update includes six such vulnerabilities — two publicly disclosed and three exploited in the wild.

1. 1. CVE-2025-24990 — Windows Agere Modem Driver Elevation of Privilege

1. 1. • Legacy driver ltmdm64.sys removed due to privilege escalation risks.
      • Disabling this driver impacts related fax modem hardware.
      • Discovered by: Fabian Mosch & Jordan Jay.
   2. CVE-2025-59230 — Windows Remote Access Connection Manager EoP
      
      • Attackers could gain SYSTEM-level privileges via improper access control.
      • Attributed to: Microsoft Threat Intelligence Center (MSTIC) and MSRC.
   3. CVE-2025-47827 — Secure Boot Bypass in IGEL OS
      
      • Secure Boot bypass fixed in IGEL OS before version 11.
      • Root cause: improper cryptographic signature verification.
      • Discovered by: Zack Didcott (public disclosure on GitHub).
   4. CVE-2025-0033 — AMD RMP Corruption During SEV-SNP Initialization
      
      • Vulnerability in AMD EPYC processors could allow a hypervisor to modify Reverse Map Table entries.
      • Affects Azure Confidential Computing clusters.
      • Reported by: Benedict Schlueter, Supraja Sridhara, and Shweta Shinde (ETH Zurich).
   5. CVE-2025-24052 — Windows Agere Modem Driver EoP
      
      • Another flaw in the Agere Modem driver, impacting all supported Windows versions — even when the modem isn’t in use.
   6. CVE-2025-2884 — Out-of-Bounds Read in TCG TPM 2.0
      
      • Out-of-Bounds read in TPM 2.0’s CryptHmacSign function could lead to information disclosure or denial of service.
      • Reported by: CERT/CC.

October 2025 Patch Tuesday: 172 fixes, six zero-days, and Windows 10 support ends.

Key Takeaways for Security Teams

• Patch immediately — especially zero-day and RCE vulnerabilities.
• Monitor for exploitation attempts, particularly in Agere Modem and Remote Access Connection Manager components.
• Plan Windows 10 migrations, as free support has officially ended.
• Test updates before deployment to avoid compatibility issues with older drivers and Secure Boot mechanisms.

Final Thoughts

With 172 vulnerabilities and the end of Windows 10’s support era, this month’s Patch Tuesday is one of the most significant in recent memory. Organizations should act quickly to patch affected systems, update security baselines, and prepare for a full transition to Windows 11 or supported enterprise builds.