October 2025 Patch Tuesday: Fixes for 175 Vulnerabilities and More

Edward Zhou

CEO & Co-Founder

 
October 15, 2025 4 min read

TL;DR

Microsoft's October 2025 Patch Tuesday addresses a record 175 vulnerabilities, including six zero-days, three of which are actively exploited. This massive security update also marks the official end of support for Windows 10, urging users to migrate or enroll in the Extended Security Updates (ESU) program to maintain security.

Microsoft's October 2025 Patch Tuesday

Microsoft has released its October 2025 security update, addressing a significant number of vulnerabilities across its product range. The update includes fixes for 175 vulnerabilities, making it the largest release of the year. Among these, several are critical, including actively exploited zero-day vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has added these zero-days to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches promptly.

Zero-Day Vulnerabilities

The October 2025 Patch Tuesday addresses six zero-day vulnerabilities, with three being actively exploited in the wild.

  • CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability. Successful exploitation allows attackers to gain administrator privileges. The vulnerable driver, ltmdm64.sys, ships with every version of Windows. Microsoft is removing the driver entirely, which means that any fax modem hardware that relies on the driver will no longer work on Windows.
  • CVE-2025-59230: Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability. This vulnerability involves improper access control and can be exploited by an authorized attacker to gain system privileges.
  • CVE-2025-47827: IGEL OS Secure Boot Bypass. This vulnerability abuses overly lax cryptographic verification of the root filesystem, allowing bypass of Secure Boot.

Agere Modem Driver Vulnerabilities (CVE-2025-24990 and CVE-2025-24052)


CVE-2025-24052 and CVE-2025-24990 are Elevation of Privilege (EoP) vulnerabilities in the third-party Agere Modem driver. Both CVEs have a CVSSv3 score of 7.8. Microsoft reports that CVE-2025-24990 has been exploited in the wild. Successful exploitation would allow an attacker to gain administrator privileges on an affected system. The ltmdm64.sys driver has historically shipped natively with supported Windows operating systems but will no longer be supported following the October update. Microsoft notes that ltmdm64.sys-dependent hardware will no longer work on Windows and recommends users remove existing dependencies.
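
A read-only PowerShell check for whether a host still carries ltmdm64.sys and has modem hardware that could depend on it. This is an added example, not code from Microsoft or the original article; the driver path under System32\drivers is an assumed default location.

```powershell
# Added example: inventory one host for the Agere modem driver (ltmdm64.sys).
# Read-only. Run in an elevated session so all driver services are visible.
$driverFile = 'ltmdm64.sys'   # driver name as given in the article
# Assumption: the driver sits in the default Windows driver directory.
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driverFile"

# 1. Is the binary still on disk, and which build of it?
$file = Get-Item -LiteralPath $driverPath -ErrorAction SilentlyContinue

# 2. Is a kernel driver service registered that points at this file?
#    The match is case-insensitive and tolerates \SystemRoot\ style paths.
$service = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverFile" }

# 3. Which modem-class devices are currently present? These are candidates
#    for the hardware that stops working once the driver is removed; a listed
#    modem is not necessarily Agere-based, so confirm the model by hand.
$modems = Get-PnpDevice -Class Modem -PresentOnly -ErrorAction SilentlyContinue

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    FilePresent  = [bool]$file
    FileVersion  = if ($file) { $file.VersionInfo.FileVersion } else { $null }
    ServiceName  = $service.Name
    ServiceState = $service.State       # 'Running' means the driver is loaded
    StartMode    = $service.StartMode
    ModemDevices = @($modems | ForEach-Object { $_.FriendlyName })
}
```

Run it before and after applying the October update: a host that still reports FilePresent as true afterwards, or that lists modem devices, is one to follow up on.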

Windows Remote Access Connection Manager Vulnerability (CVE-2025-59230)

CVE-2025-59230 is an EoP vulnerability affecting Windows Remote Access Connection Manager. According to Microsoft, this vulnerability has been exploited in the wild. It has a CVSSv3 score of 7.8. Exploitation of this vulnerability involves improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges. There have been 22 reported and patched vulnerabilities for the Windows Remote Access Connection Manager service (RasMan) since January 2022. CVE-2025-59230 is the first reported RasMan CVE to be exploited as a zero-day.

Windows Server Update Service (WSUS) RCE Vulnerability (CVE-2025-59287)

CVE-2025-59287 is a Remote Code Execution (RCE) vulnerability in the Windows Server Update Service (WSUS). It has a CVSSv3 score of 9.8. An attacker could exploit this vulnerability to gain RCE by sending a crafted event that leads to a deserialization of untrusted data.

Microsoft Office RCE Vulnerabilities (CVE-2025-59227, CVE-2025-59234)

CVE-2025-59227 and CVE-2025-59234 are RCE vulnerabilities in Microsoft Office. Both vulnerabilities have a CVSSv3 score of 7.8. An attacker could exploit these flaws through social engineering by sending a malicious Microsoft Office document file to an intended target. Successful exploitation would grant code execution privileges to the attacker. Microsoft notes that the Preview Pane is an attack vector for both CVEs, which means exploitation does not require the target to open the file.

Windows Cloud Files Mini Filter Driver EoP Vulnerability (CVE-2025-55680)

CVE-2025-55680 is an EoP vulnerability in the Windows Cloud Files Mini Filter Driver. It has a CVSSv3 score of 7.8. A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation would allow the attacker to elevate to SYSTEM privileges.

Additional Vulnerabilities

Windows 10 End of Support

As of October 14, Windows 10 has reached its end of support. This means that Windows 10 devices will receive no new security updates unless they are enrolled in the Extended Security Updates (ESU) program. Long-Term Servicing Branch (LTSB) support for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015 has also ended.

Extended Security Updates (ESU) Program


The Consumer Extended Security Update (ESU) program provides up to a year of additional security updates (though not feature updates or official troubleshooting support), ending on October 13, 2026, regardless of when you enroll. To use the consumer ESU program, you need a Windows 10 system running version 22H2 in the Home, Professional, Pro Education, or Workstations edition. Commercial Windows 10 installations are subject to a different ESU program.

There are three ways to join the ESU program:

Additional Microsoft Products End of Support

Several Microsoft products have reached end of support:


CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
