Article Details

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws. Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities. This Patch Tuesday also addresses eight "Critical" vulnerabilities, five of which are remote code execution vulnerabilities and three are elevation of privilege vulnerabilities. The number of bugs in each vulnerability category is listed below: When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month. Notably, Windows 10 reaches the end of support today, with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system. To continue receiving security updates on Windows 10, consumers can sign up for a year of Extended Security Updates (ESU), and enterprises can sign up for a total of three years. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5066835 and KB5066793 updates. 6 zero-days in the October Patch Tuesday This month's Patch Tuesday fixes two publicly disclosed zero-day flaws in Windows SMB Server and Microsoft SQL Server. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The three exploited zero-days are: CVE-2025-24990 - Windows Agere Modem Driver Elevation of Privilege Vulnerability Microsoft is removing an Agere Modem driver that was abused to gain administrative privileges. "Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems," explains Microsoft. "This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update." Microsoft warns that removing this driver will cause related Fax modem hardware to cease functioning. Microsoft has attributed the flaw to Fabian Mosch and Jordan Jay. CVE-2025-59230 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Microsoft fixed a Windows Remote Access Connection Manager flaw that was exploited to gain SYSTEM privileges. "Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally," explains Microsoft. Microsoft says attackers must "invest in some measurable amount of effort in preparation or execution" to successfully exploit the flaw. The vulnerability has been attributed the flaw internally to Microsoft Threat Intelligence Center (MSTIC) & Microsoft Security Response Center (MSRC). CVE-2025-47827 - MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 Microsoft has added fixes for a Secure Boot bypass in IGEL OS. "In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image," explains Microsoft. "MITRE created this CVE on their behalf. The documented Windows updates incorporate updates in IGEL OS which address this vulnerability. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information." The flaw was discovered by Zack Didcott and publicly disclosed in a GitHub writeup. The publicly exploited flaws are: CVE-2025-0033 - AMD CVE-2025-0033: RMP Corruption During SNP Initialization Microsoft is working on a fix for an AMD flaw that could impact memory integrity. "CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This issue does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit," explains Microsoft. "Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited and logged. Together, these protections reduce the risk of host compromise or unauthorized memory manipulation, helping ensure that confidential workloads and customer VMs maintain their confidentiality and integrity on Azure hosts." Microsoft states that the security updates for this vulnerability in Azure Confidential Computing's (ACC) AMD-based clusters are not yet complete. Customers will be notified via Azure Service Health Alerts when they are available to deploy. The flaws were publicly disclosed by AMD yesterday and discovered by Benedict Schlueter, Supraja Sridhara, and Shweta Shinde from ETH Zurich. CVE-2025-24052 - Windows Agere Modem Driver Elevation of Privilege Vulnerability This is a similar flaw to CVE-2025-24990, described above, which appears to have been publicly disclosed as well. Microsoft reiterates that the flaw impacts all versions of Windows and that the modem does not have to be used to exploit the flaw. "All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used," explains Microsoft. This CVE is not attributed to any researchers. CVE-2025-2884 - Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation Microsoft has fixed a TCG TPM 2.0 flaw that could lead to information disclosure or denial of service of the TPM. "CVE-2025-2884 is regarding a vulnerability in CG TPM2.0 Reference implementation's CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm," explains Microsoft. "CERT/CC created this CVE on their behalf. The documented Windows updates incorporate updates in CG TPM2.0 Reference implementation which address this vulnerability. Please see CVE-2025-2884 for more information." The flaw has been attributed to the Trusted Computing Group (TCG) and an anonymous researcher. TCG publicly disclosed the flaw in this writeup. Recent updates from other companies Other vendors who released updates or advisories in October 2025 include: The October 2025 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the October 2025 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here. The Security Validation Event of the Year: The Picus BAS Summit Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation. Don't miss the event that will shape the future of your security strategy