October 2025 Windows 11 Security and Feature Updates Deployment
Microsoft released cumulative updates KB5066835 and KB5066793 for Windows 11 versions 25H2/24H2 and 23H2 as part of the October 2025 Patch Tuesday. These updates are mandatory and address a range of security vulnerabilities discovered in previous months, ensuring that systems remain protected against the latest threats. The updates can be installed automatically through Windows Update or manually via the Microsoft Update Catalog, providing flexibility for both end users and enterprise administrators. After installation, the build numbers for Windows 11 25H2 and 24H2 are updated to Build 26200.6899 and 26100.6899, respectively, while 23H2 is updated to 226x1.6050. This release marks the first Patch Tuesday update for version 25H2, which shares its codebase with 24H2, resulting in identical fixes and improvements across both versions. Notably, this is the penultimate update for Windows 11 23H2, as its support is scheduled to end in November 2025. The update resolves several issues, including a bug that caused the print preview screen to freeze in Chromium-based browsers, and a problem where apps and games became unresponsive if users signed in with only a Gamepad at the lock screen. PowerShell Remoting and Windows Remote Management (WinRM) timeouts have been addressed, improving reliability for remote administration tasks. An issue preventing audit events from being logged has also been fixed, enhancing system monitoring and compliance. The update improves the setup process for Windows Hello face recognition, particularly when using USB infrared camera modules, ensuring smoother biometric authentication. Microsoft emphasizes the importance of keeping security intelligence up to date in its antimalware products, such as Microsoft Defender Antivirus, to maintain robust protection against evolving threats. Security intelligence updates are delivered automatically via Windows Update, but users and administrators can also trigger manual updates to ensure immediate coverage. These updates leverage cloud-based protection and AI-enhanced detection to rapidly identify and mitigate new malware and attack techniques. Microsoft provides troubleshooting resources for users experiencing issues with automatic updates, ensuring that security patches and intelligence updates are applied promptly. The integration of third-party materials in security intelligence updates is disclosed, maintaining transparency in the update process. Overall, the October 2025 Patch Tuesday updates represent a comprehensive effort by Microsoft to address security vulnerabilities, improve system stability, and enhance user experience across supported Windows 11 versions.
Sources
Related Stories
Windows 11 25H2/24H2 Preview Updates Add AI Features and Flag Secure Boot Certificate Expiration
Microsoft began rolling out **Windows 11 preview updates** for versions **25H2 and 24H2** (including the optional non-security preview update `KB5074105` and Release Preview builds `26200.7701`/`26100.7701`) focused on functionality, performance, and reliability improvements rather than patching new security vulnerabilities. The updates emphasize expanded **AI-driven experiences** (including refinements to Copilot+ PC-related models and more natural-language assistance within Settings), along with usability changes and a simplified Windows update title format intended to reduce administrative friction in tools like **WSUS** and **Microsoft Configuration Manager**. Alongside these feature updates, Microsoft highlighted an operational security risk: **Windows Secure Boot certificates** used by most Windows devices are expected to begin expiring in **June 2026**, and organizations that do not update Certificate Authority (CA) material in time may face devices that cannot boot securely. Separately, consumer guidance circulated on bypassing Windows 11 hardware eligibility checks (notably **TPM 2.0** requirements) to upgrade “unsupported” PCs; while this may extend device usability after Windows 10 support ended, it can also undermine Microsoft’s intended security baseline and increase enterprise risk if adopted outside controlled policy.
1 months ago
Microsoft March Patch Tuesday Ships 83 Fixes and Windows 11 Cumulative Updates
Microsoft’s March Patch Tuesday security release shipped fixes for **83 vulnerabilities** across its enterprise software and services, and was notable for having **no actively exploited zero-days** for the first time in six months. Microsoft flagged **six** vulnerabilities as “more likely to be exploited,” and noted two issues—`CVE-2026-21262` and `CVE-2026-26127`—were **publicly known** at release. Researchers highlighted an Excel information-disclosure issue, `CVE-2026-26144`, describing a scenario where an attacker could potentially induce a *Copilot Agent* to exfiltrate data in a **zero-click** style workflow, and also pointed to Office flaws `CVE-2026-26110` and `CVE-2026-26113` (CVSS 8.4) that could enable **arbitrary code execution** via the Office preview pane. Microsoft also released **mandatory Windows 11 cumulative updates** `KB5079473` (25H2/24H2) and `KB5078883` (23H2) that incorporate the March 2026 Patch Tuesday security fixes, along with additional non-security changes. The updates advance build numbers to **26200.8037/26100.8037** (25H2/24H2) and **22631.6783** (23H2), expand “high-confidence device targeting” to increase coverage for automatic delivery of new **Secure Boot certificates**, and include reliability improvements such as better File Explorer search across drives and changes to **Windows Defender Application Control (WDAC)** behavior for COM objects (policy listing support).
4 days agoMicrosoft October 2025 Patch Tuesday Addresses Multiple Zero-Days and Over 170 Vulnerabilities
Microsoft released its October 2025 Patch Tuesday security updates, addressing a total of 172 vulnerabilities across its product suite, including six zero-day vulnerabilities. The update marks a significant milestone as it is the final free security update for Windows 10, which has now reached its end of support, requiring users and enterprises to enroll in Extended Security Updates (ESU) for continued protection. Among the vulnerabilities patched, eight were rated as 'Critical,' with five being remote code execution flaws and three classified as elevation of privilege vulnerabilities. The breakdown of vulnerabilities includes 80 elevation of privilege, 11 security feature bypass, 31 remote code execution, 28 information disclosure, 11 denial of service, and 10 spoofing vulnerabilities. Notably, two of the zero-day vulnerabilities were publicly disclosed prior to the patch, affecting Windows SMB Server and Microsoft SQL Server, while three zero-days were actively exploited in the wild. One of the exploited zero-days, CVE-2025-24990, involved the Agere Modem driver, which was being abused to gain administrative privileges, prompting Microsoft to remove the vulnerable driver from supported Windows operating systems. The Patch Tuesday release also included updates for a wide range of Microsoft products and components, such as .NET, Visual Studio, Active Directory Federation Services, Microsoft Office suite, Azure services, Windows authentication methods, and various Windows system components. The update was described as the largest Patch Tuesday release to date, with 167 CVEs directly patched according to some sources, excluding additional vulnerabilities in Chromium, MITRE, GitHub, CERT/CC, and cloud services that were addressed separately. The security updates did not include fixes for vulnerabilities in Microsoft Edge, Azure, or Mariner that were released earlier in the month. Microsoft emphasized the importance of these updates, especially for organizations still running Windows 10, as the cessation of free support increases the risk of exposure to unpatched vulnerabilities. The comprehensive nature of the update reflects the ongoing complexity and breadth of the Microsoft ecosystem, with critical patches spanning from core Windows components to cloud and developer tools. Security professionals are advised to prioritize the deployment of these patches, particularly those addressing actively exploited zero-days and critical remote code execution vulnerabilities. The update also highlights the evolving threat landscape, with attackers increasingly targeting third-party drivers and core system components to escalate privileges. Organizations are encouraged to review the full list of patched vulnerabilities and assess their exposure, especially in light of the end of support for Windows 10. The October 2025 Patch Tuesday underscores the necessity of timely patch management and the challenges posed by legacy systems in maintaining a secure enterprise environment.
5 months ago