Microsoft October 2025 Patch Tuesday Addresses Multiple Zero-Days and Over 170 Vulnerabilities
Microsoft released its October 2025 Patch Tuesday security updates, addressing a total of 172 vulnerabilities across its product suite, including six zero-day vulnerabilities. The update marks a significant milestone as it is the final free security update for Windows 10, which has now reached its end of support, requiring users and enterprises to enroll in Extended Security Updates (ESU) for continued protection.
Among the vulnerabilities patched, eight were rated as 'Critical,' with five being remote code execution flaws and three classified as elevation of privilege vulnerabilities. The breakdown of vulnerabilities includes 80 elevation of privilege, 11 security feature bypass, 31 remote code execution, 28 information disclosure, 11 denial of service, and 10 spoofing vulnerabilities.
Notably, two of the zero-day vulnerabilities were publicly disclosed prior to the patch, affecting Windows SMB Server and Microsoft SQL Server, while three zero-days were actively exploited in the wild. One of the exploited zero-days, CVE-2025-24990, involved the Agere Modem driver, which was being abused to gain administrative privileges, prompting Microsoft to remove the vulnerable driver from supported Windows operating systems.
The Patch Tuesday release also included updates for a wide range of Microsoft products and components, such as .NET, Visual Studio, Active Directory Federation Services, Microsoft Office suite, Azure services, Windows authentication methods, and various Windows system components. The update was described as the largest Patch Tuesday release to date, with 167 CVEs directly patched according to some sources, excluding additional vulnerabilities in Chromium, MITRE, GitHub, CERT/CC, and cloud services that were addressed separately. The security updates did not include fixes for vulnerabilities in Microsoft Edge, Azure, or Mariner that were released earlier in the month.
Microsoft emphasized the importance of these updates, especially for organizations still running Windows 10, as the cessation of free support increases the risk of exposure to unpatched vulnerabilities. The comprehensive nature of the update reflects the ongoing complexity and breadth of the Microsoft ecosystem, with critical patches spanning from core Windows components to cloud and developer tools. Security professionals are advised to prioritize the deployment of these patches, particularly those addressing actively exploited zero-days and critical remote code execution vulnerabilities. The update also highlights the evolving threat landscape, with attackers increasingly targeting third-party drivers and core system components to escalate privileges. Organizations are encouraged to review the full list of patched vulnerabilities and assess their exposure, especially in light of the end of support for Windows 10. The October 2025 Patch Tuesday underscores the necessity of timely patch management and the challenges posed by legacy systems in maintaining a secure enterprise environment.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Cisco Talos publishes Snort coverage for October Patch Tuesday threats
Following the October 2025 release, Cisco Talos published Snort rules to help detect exploitation attempts tied to the newly disclosed Microsoft vulnerabilities. Talos said additional detection updates were expected as more information became available.
Windows 10 and several Microsoft products reach end of support
Effective October 14, 2025, Windows 10 stopped receiving free security updates, with continued support available through Extended Security Updates. Multiple other Microsoft products, including Exchange Server 2016/2019 and Skype for Business 2016, were also reported as reaching end-of-life in the same timeframe.
Microsoft patches Office Preview Pane and other high-risk RCE flaws
The October 2025 release fixed several high-severity remote code execution bugs, including Microsoft Office vulnerabilities that could be triggered via the Preview Pane and the critical WSUS flaw CVE-2025-59287. Additional critical issues affected Windows graphics, ASP.NET Core/Kestrel, and cloud services.
Microsoft discloses actively exploited zero-days in October release
Microsoft's October 2025 updates included fixes for zero-days under active exploitation, notably CVE-2025-24990 in the Windows Agere Modem driver and CVE-2025-59230 in Windows Remote Access Connection Manager. Some reporting also included CVE-2025-47827, a Secure Boot bypass affecting IGEL OS, among the exploited issues addressed alongside Microsoft's release.
Microsoft issues October 2025 Patch Tuesday security updates
On October 14, 2025, Microsoft released its October Patch Tuesday updates, fixing roughly 167-175 vulnerabilities depending on counting methodology and separate advisories. The release included multiple critical flaws across Windows, Office, Azure and other Microsoft products.
Public PoC emerges for WSUS remote code execution flaw CVE-2025-59287
Before October 2025 Patch Tuesday, a public proof-of-concept was released for CVE-2025-59287, a critical deserialization-based remote code execution flaw in Windows Server Update Services. Microsoft later rated exploitation as more likely, and reporting said a trusted partner had observed active exploitation.
Sources
19 references tracked.
Microsoft’s Patch Tuesday: 172 Flaws Fixed (techrepublic.com)
Critical Patches Issued for Microsoft Products, October 14, 2025 (cisecurity.org)
Windows 10's final update is a big one - with a record 173 bug fixes (zdnet.com)
Microsoft patches three zero-days actively exploited by attackers (helpnetsecurity.com)
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (bleepingcomputer.com)
Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days (cyberscoop.com)
October 2025 Patch Tuesday: Holes in Windows Server Update Service and an ancient modem driver (csoonline.com)
Patch Tuesday, October 2025 ‘End of 10’ Edition (krebsonsecurity.com)