Microsoft October 2025 Patch Tuesday: 6 Zero-Days, 172 Vulnerabilities Fixed
TL;DR
Microsoft October 2025 Patch Tuesday: Zero-Days and Vulnerabilities Fixed
Microsoft has released its October 2025 Patch Tuesday update, addressing 172 security vulnerabilities across its product ecosystem. The security bulletin is highlighted by fixes for four zero-day flaws, two of which are confirmed to be actively exploited in the wild. The patches primarily address elevation of privilege and remote code execution vulnerabilities, underscoring the need for organizations to apply these updates promptly. Microsoft has also addressed 14 vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
Zero-Day Exploits and Critical Execution Bugs
The most immediate threats in this month’s release are the two zero-day vulnerabilities being actively used by attackers. One of these, tracked as CVE-2025-59230, is a privilege escalation flaw in the Windows Remote Access Connection Manager that allows local attackers to gain elevated system rights. Microsoft says attackers must "invest in some measurable amount of effort in preparation or execution" to successfully exploit the flaw. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before November 4, 2025.
In addition to the zero-days, Microsoft patched several critical remote code execution (RCE) vulnerabilities. Among them are CVE-2025-59234 and CVE-2025-59236, use-after-free bugs in Microsoft Office and Excel that could grant attackers full system control if a user opens a specially crafted malicious file. Another critical RCE, CVE-2025-59287, affects Windows Server Update Services (WSUS) and could be leveraged in supply-chain attacks.
Pervasive Privilege Escalation Flaws
Elevation of privilege vulnerabilities represent the largest category in this update, with 80 distinct flaws being fixed. These bugs allow attackers who have already gained initial access to a system to escalate their permissions, often to the administrator level. Notable examples include CVE-2025-49708 in the Microsoft Graphics Component, which can be exploited over a network, and a series of bugs in the Windows PrintWorkflowUserSvc (CVE-2025-55684 through 55691) that expose a common vector in enterprise environments.
Cloud infrastructure is also affected, with critical privilege escalation flaws like CVE-2025-59291 and CVE-2025-59292 patched in Azure Container Instances and Compute Gallery. CVE-2025-47989 is an elevation of privilege vulnerability in Azure Connected Machine Agent. CVE-2025-59218 and CVE-2025-59246 are elevation of privilege vulnerabilities in Azure Entra ID.
Other Important Vulnerabilities Patched
Beyond the critical-rated bugs, 150+ important-rated vulnerabilities cover elevation of privilege (over 60), information disclosure (around 30), and denial-of-service flaws. Repeated patterns emerge in Windows PrintWorkflowUserSvc (CVE-2025-55684 through 55691), where use-after-free bugs allow local attackers to gain higher privileges during print operations, a common vector in enterprise printing environments.
Windows Kernel vulnerabilities like CVE-2025-55693 and CVE-2025-59187 involve improper input validation, potentially leaking kernel memory or enabling ring-0 access. Spoofing risks appear in CVE-2025-59239 for File Explorer and CVE-2025-59248 for Exchange Server, where flawed validation could trick users into executing malicious actions or bypassing authentication. CVE-2025-55682 exposes a security feature bypass via physical attacks. For cloud users, Azure Arc and Connected Machine Agent fixes (CVE-2025-58724) mitigate local escalations from access control lapses. Denial-of-service bugs, such as CVE-2025-55698 in DirectX and CVE-2025-58729 in Local Session Manager, could disrupt services through null dereferences or invalid inputs.
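Advisories like this one name CVEs both individually and as shorthand ranges ("CVE-2025-55684 through 55691"), and a patch-management team usually needs a flat, de-duplicated list to feed into a ticketing or vulnerability-scanning system. The following Python script is an added example, not code from the article or from Microsoft: it extracts CVE identifiers from advisory text, expands shorthand ranges, and refuses to expand a range that is reversed or implausibly large (an `max_range` cap of 100 is an assumed sanity limit). The sample text is a constructed excerpt of the paragraphs above.

```python
import re
from typing import List, Set

# Constructed sample: short excerpts of the advisory text above, including one
# shorthand range that appears twice so de-duplication is exercised.
SAMPLE_TEXT = """
One of these, tracked as CVE-2025-59230, is a privilege escalation flaw.
A series of bugs in the Windows PrintWorkflowUserSvc (CVE-2025-55684 through 55691).
Among them are CVE-2025-59234 and CVE-2025-59236, use-after-free bugs in Office.
Windows PrintWorkflowUserSvc (CVE-2025-55684 through 55691), where use-after-free bugs...
"""

# A single identifier: CVE-<year>-<4 to 7 digit sequence number>.
CVE_RE = re.compile(r"CVE-(\d{4})-(\d{4,7})", re.IGNORECASE)

# Shorthand range: "CVE-2025-55684 through 55691" or "CVE-2025-55684 to 55691".
RANGE_RE = re.compile(r"CVE-(\d{4})-(\d{4,7})\s+(?:through|to)\s+(\d{4,7})", re.IGNORECASE)


def expand_range(year: str, start: str, end: str, max_range: int) -> Set[str]:
    """Expand a shorthand range into individual CVE ids.

    A reversed range (end < start) or one wider than max_range is treated as
    suspicious and yields nothing here; the plain-identifier pass in
    extract_cves still records the starting id, so nothing is silently lost.
    """
    s, e = int(start), int(end)
    if not (s <= e <= s + max_range):
        return set()
    width = len(start)  # preserve zero-padding of the written id, if any
    return {f"CVE-{year}-{str(n).zfill(width)}" for n in range(s, e + 1)}


def extract_cves(text: str, max_range: int = 100) -> List[str]:
    """Return a sorted, de-duplicated list of CVE ids mentioned in text."""
    found: Set[str] = set()
    for year, start, end in RANGE_RE.findall(text):
        found |= expand_range(year, start, end, max_range)
    for year, num in CVE_RE.findall(text):
        found.add(f"CVE-{year}-{num}")

    def sort_key(cve: str):
        _, year, num = cve.split("-")
        return int(year), int(num)

    return sorted(found, key=sort_key)


if __name__ == "__main__":
    for cve in extract_cves(SAMPLE_TEXT):
        print(cve)
    print(f"{len(extract_cves(SAMPLE_TEXT))} unique CVEs")
```

Running the script on the sample prints the eight PrintWorkflowUserSvc ids followed by the three individually named ones, 11 in total; the range that is mentioned twice is counted once.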