Microsoft Released October 2025 Software Updates
Microsoft has released software updates as part of its October 2025 Patch Tuesday. The updates fix 172 security vulnerabilities in total, including 6 zero-day vulnerabilities.
The breakdown of the vulnerabilities is as follows:
80 privilege escalation
11 security feature bypass
31 remote code execution
28 information disclosure
11 denial of service
10 spoofing
The actively exploited vulnerabilities are as follows:
CVE-2025-24990 - vulnerability in Windows Agere Modem Driver that allows elevation of privilege
CVE-2025-59230 - vulnerability in Remote Access Connection Manager that allows elevation of privilege
CVE-2025-47827 - vulnerability in IGEL OS that allows attackers to bypass Secure Boot
CVE-2025-0033 - vulnerability in AMD EPYC processors that impacts the integrity of memory
CVE-2025-24052 - vulnerability in Windows Agere Modem Driver that allows elevation of privilege
CVE-2025-2884 - vulnerability in TCG TPM that could lead to information disclosure or denial of service
Why Should You Care?
A zero-day vulnerability is a flaw that has been identified but for which no fix was available, which means attackers will try to exploit as many targets as possible before users fix it. This makes zero-days extra dangerous, and they need to be addressed as soon as possible.
In this case, six zero-day vulnerabilities have been publicly disclosed, which means attackers have the information to build an exploit. It is only a matter of time before attackers compromise your business. Now that patches are available, it is critical to apply them as soon as possible to avoid getting compromised.
What Should You Do?
Test the patches ASAP at your organization, and make sure they do not break any business applications
Prioritize patching the publicly disclosed zero-days
Roll out the rest of the Patch Tuesday updates
References
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/