Microsoft’s October ‘Patch Tuesday’ Update Fixes Over 170 Flaws

On the second Tuesday of each month, Microsoft rolls out a significant security update for Windows users, commonly referred to as “Patch Tuesday.” The scale of these updates can vary, influenced by the number of vulnerabilities identified by researchers in the preceding month. This October, however, marks a particularly substantial release.

According to reports from Bleeping Computer, the latest Patch Tuesday update addresses over 170 security vulnerabilities within Windows. These include:

  • 80 elevation of privilege vulnerabilities
  • 31 remote code execution vulnerabilities
  • 28 information disclosure vulnerabilities
  • 11 security feature bypass vulnerabilities
  • 11 denial of service vulnerabilities
  • 10 spoofing vulnerabilities

It’s important to note that Bleeping Computer’s figures only account for patches released directly by Microsoft. The total number of patches is actually higher, as it also includes updates for Azure, Mariner, and vulnerabilities disclosed earlier in October, bringing the overall count to well over 200.

While all security patches hold significance, certain vulnerabilities demand more immediate attention. This month’s update includes fixes for eight vulnerabilities classified as “Critical”: five remote code execution vulnerabilities and three elevation of privilege vulnerabilities.

Six zero-days

Even more pressing are the patches addressing six zero-day vulnerabilities. These vulnerabilities are particularly concerning as they are either publicly disclosed or exploited before the software developer has the opportunity to issue a patch. In this instance, three of the zero-days have been publicly disclosed, while three have been actively exploited, leaving Windows users at risk.

Here are the three exploited vulnerabilities:

  • CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability. This flaw enabled malicious actors to gain administrative privileges through a compromised Agere Modem driver, which Microsoft has since removed.
  • CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This vulnerability allowed attackers to obtain SYSTEM privileges.
  • CVE-2025-47827: Secure Boot bypass in IGEL OS before version 11. This flaw permitted bad actors to bypass Secure Boot, a critical security measure designed to prevent malware from loading during system startup.

Additionally, here are the three publicly disclosed vulnerabilities:

  • CVE-2025-0033: AMD RMP Corruption During SNP Initialization. This AMD vulnerability poses a risk to memory integrity. Microsoft has indicated that this fix is still in development, with patches to be rolled out through Azure Service Health Alerts once ready.
  • CVE-2025-24052: Windows Agere Modem Driver Elevation of Privilege Vulnerability. Similar to CVE-2025-24990, this flaw can also be exploited to gain administrative privileges via the Agere Modem Driver.
  • CVE-2025-2884: Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation. This vulnerability could potentially allow for information disclosure or denial of service affecting the target’s TPM.

In related Microsoft news, the company has officially ceased support for Windows 10. Users who do not enroll in Extended Security Updates will no longer receive these crucial security patches moving forward.
