Microsoft Patch Tuesday Oct 2025 Fixes 175 Vulnerabilities including 3 Zero-Days

October’s Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10.

HackRead

Microsoft Patch Tuesday for October 2025 was massive, delivering over 170 security fixes, making immediate patching mandatory due to the volume and critical nature of the vulnerabilities across Windows, Office, and Azure cloud services.

**Critical Zero-Day Exploits: Active Attacks Fixed**

Three zero-day flaws confirmed to be under active attack were patched. These included two critical Elevation of Privilege (EoP) bugs in Windows and a Secure Boot bypass:

CVE-2025-24990 (Windows Agere Modem Driver EoP – CVSS 7.8, High): This actively exploited flaw was fixed by permanently removing the obsolete driver (ltmdm64.sys) from Windows. Fax modem hardware relying on this driver will cease to function on updated systems.

CVE-2025-59230 (Windows Remote Access Connection Manager EoP – CVSS 7.8, High): An improper access control bug that allows an authenticated local attacker to gain SYSTEM-level privileges in the Remote Access Connection Manager (RasMan).

CVE-2025-47827 (Secure Boot Bypass in IGEL OS – CVSS 8.4, High): This third-party flaw compromises the Secure Boot trust chain via the igel-flash-driver module, allowing a malicious file system to entirely bypass security.

**High-Priority Server and Web Threats**

Server administrators must prioritise Critical RCE flaws with near-perfect CVSS scores:

WSUS Critical RCE (CVE-2025-59287, CVSS 9.8, Critical): A deserialization bug allows an unauthenticated, remote attacker to completely take over the Windows Server Update Services (WSUS) server, granting widespread network control.

ASP.NET Core Bypass (CVE-2025-55315, CVSS 9.9, Critical): An HTTP request smuggling flaw, exploitable by a low-privileged, authenticated attacker. It can severely compromise multi-tenant web applications’ confidentiality and integrity, affecting the Microsoft.AspNetCore.Server.Kestrel.Core package (for some versions).

Windows Graphics Component (CVE-2025-49708, CVSS 9.9, Critical): A memory corruption bug, specifically a Use-After-Free flaw, that presents a remote path for full system compromise at the kernel level.

**Office, Cloud, and AI Fixes**

Crucial vulnerabilities were also addressed in end-user and enterprise services:

**Office RCEs:**

Multiple RCEs were patched. High-priority flaws (CVE-2025-59234 and CVE-2025-59236, both CVSS 7.8, High) allow code execution by opening a malicious file. CVE-2025-59227 (CVSS 7.8, High) is critical as it can be exploited via the Preview Pane without user interaction.

**Azure and Confidential Computing:**

Critical EoP flaws were fixed in Azure Entra ID (CVE-2025-59246, CVSS 9.8, a Missing Authentication for Critical Function bug; and CVE-2025-59218, CVSS 9.6) and Azure Compute Gallery (CVE-2025-59292, CVSS 8.2). A race condition impacting Azure Confidential Computing integrity in AMD EPYC SEV-SNP processors (CVE-2025-0033) was also fixed.

**Copilot Spoofing:**

Patches were issued for multiple Spoofing vulnerabilities (e.g., CVE-2025-59252, CVSS 6.5) to prevent attackers from showing misleading or ‘spoofed’ content in the generative AI assistant’s interface.

**End-of-Life (EOL) Warning**

This is the final Patch Tuesday for free security updates for major products, including Windows 10, Office 2016, and Exchange Server 2016. Organisations must immediately upgrade Windows 10 to Windows 11 or enrol in a paid Extended Security Update (ESU) program. Office 2016/2019 and Exchange Server 2016/2019 users must upgrade to a modern suite (like Microsoft 365) or Exchange Online/Subscription Edition to maintain security.

IMMEDIATE ACTION: Since several critical zero-days are actively exploited in the wild, installing these updates is the most urgent and necessary step for all users and administrators.


“The first zero-day is a serious elevation of privilege flaw in the Windows Remote Access Connection Manager (RACMAN) service, which manages VPN and remote access connections,” said Mike Walters, President and Co-Founder of Action1, on the Windows Remote Access Connection Manager Elevation of Privilege Vulnerability (CVE-2025-59230).

“It results from improper access controls (CWE-284), allowing a low-privileged authenticated attacker to gain SYSTEM-level rights. The issue likely stems from how RACMAN validates and processes commands from lower-privileged users without proper authorisation checks,” Walters added.

“This vulnerability is especially dangerous because SYSTEM privileges give an attacker full control of the affected machine. In attack chains, it can be used to escalate privileges after an initial compromise (for example, via phishing), to establish persistence, to bypass User Account Control, and, when paired with lateral movement, to enable more sophisticated attacks against domain controllers,” he warned.

Related news

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems," Blackfog researcher Brenda Robb said in a Thursday report. In

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥 🗞 Post on Habr (rus)🗞 Post on SecurityLab (rus)🗒 Digest on the PT website (rus) A total of nine vulnerabilities: 🔻 RCE – Windows Server Update […]

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability

About Elevation of Privilege – Windows Remote Access Connection Manager (CVE-2025-59230) vulnerability. A vulnerability from the October Microsoft Patch Tuesday. The Windows Remote Access Connection Manager (RasMan) service is a core Windows component that manages dial-up and Virtual Private Network (VPN) connections, ensuring secure communication between a computer and remote networks. An access control flaw […]

⚡ Weekly Recap: Hyper-V Malware, Malicious AI Bots, RDP Exploits, WhatsApp Lockdown and More

Cyber threats didn’t slow down last week—and attackers are getting smarter. We’re seeing malware hidden in virtual machines, side-channel leaks exposing AI chats, and spyware quietly targeting Android devices in the wild. But that’s just the surface. From sleeper logic bombs to a fresh alliance between major threat groups, this week’s roundup highlights a clear shift: cybercrime is evolving fast

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky phishing, the attacks came from all sides. Even encrypted backups and secure areas were put to the test.

Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch

Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch.

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation. "By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security

Trick, treat, repeat

Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities.

About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability

About Elevation of Privilege – Windows Agere Modem Driver (CVE-2025-24990) vulnerability. The vulnerability is from Microsoft’s October Patch Tuesday. Agere Modem Driver (ltmdm64.sys) is a software component that allows a computer to communicate with an Agere (or LSI) modem for dial‑up or fax connections. 📠🙄 Despite its questionable practical usefulness, the driver continued to be […]

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here’s how that false sense of security

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability that has a proof-of-concept (PoC) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped

Microsoft on Tuesday released fixes for a whopping 183 security flaws spanning its products, including three vulnerabilities that have come under active exploitation in the wild, as the tech giant officially ended support for its Windows 10 operating system unless the PCs are enrolled in the Extended Security Updates (ESU) program. Of the 183 vulnerabilities, eight of them are non-Microsoft


Patch Tuesday, October 2025 ‘End of 10’ Edition

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.

GHSA-5rrx-jjjq-q2r5: Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0, ASP.NET Core 9.0, ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. Inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. Discussion: discussion for this issue can be found at https://github.com/dotnet/announcements/issues/372. Mitigation factors: Microsoft has not identified any mitigating factors for this vulnerability. Affected software: any ASP.NET Core 10.0 application running on ASP.NET Core 10.0.0-rc.1.25451.107 or earl...

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory
