October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life

Microsoft’s October 2025 Patch Tuesday has arrived with one of the largest updates of the year: 193 vulnerabilities patched, including six zero-days, four of which are being actively exploited in the wild. The company also confirmed that this release marks the final cumulative update for Windows 10 (KB5066791) as the operating system reaches the end of its support lifecycle.

According to Microsoft’s bulletin, this month’s rollout includes fixes across nearly every major Windows component—from NTFS and Cloud Files Mini Filter Driver to Remote Desktop Protocol (RDP), NTLM, and Local Session Manager (LSM).

The breakdown of the 193 vulnerabilities includes:

  • 80 Elevation of Privilege vulnerabilities
  • 11 Security Feature Bypass vulnerabilities
  • 31 Remote Code Execution vulnerabilities
  • 28 Information Disclosure vulnerabilities
  • 11 Denial of Service vulnerabilities
  • 10 Spoofing vulnerabilities

Microsoft also patched 14 vulnerabilities in Microsoft Edge (Chromium-based) as part of this update cycle.

Six Zero-Days Addressed — Four Under Active Exploitation

CVE-2025-24990 — Windows Agere Modem Driver Elevation of Privilege

A zero-day affecting the Agere (LSI) Modem Driver, a legacy component still present in some Windows systems. Microsoft removed the vulnerable driver in this month’s cumulative update, noting that “successful exploitation may allow an attacker to gain administrator privileges.”

CISA has added this CVE to its Known Exploited Vulnerabilities (KEV) Catalog, urging users to patch before November 4, 2025.

CVE-2025-59230 — Windows Remote Access Connection Manager Elevation of Privilege

A flaw in RASMan, the service responsible for managing dial-up and VPN connections. Microsoft described it as an “improper access control that may allow an authenticated attacker to elevate privileges locally to SYSTEM.”

CISA has also included this issue in the KEV Catalog, setting the same November 4 deadline for remediation.

CVE-2025-24052 — Windows Agere Modem Driver Elevation of Privilege (Variant)

Another elevation of privilege bug linked to the Agere driver. Like CVE-2025-24990, the driver has been removed entirely from the OS to prevent exploitation. Microsoft emphasized that exploitation may allow attackers to gain administrator privileges.

CVE-2025-2884 — Out-of-Bounds Read in TCG TPM 2.0 Reference Implementation

Created on Microsoft’s behalf by CERT/CC, this vulnerability resides in the TPM2.0 reference implementation’s CryptHmacSign helper function. Microsoft noted that the flaw stems from “the lack of validation of the signature scheme with the signature key’s algorithm.”

The patched updates incorporate the corrected TPM2.0 implementation to prevent potential out-of-bounds read attacks.
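
The root cause quoted above, shown as a simplified C model added here for illustration; it is not the TCG reference implementation's code, and every type and function name in it (sign_key_t, sig_scheme_t, stage_unchecked, stage_checked) is hypothetical. It assumes the over-read can be modelled as a read past the key's valid length inside a fixed-size slot, so the unchecked version can be run safely next to the checked one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical identifiers for this model; not the TCG constants. */
typedef enum { ALG_SHA256 = 1, ALG_SHA512 = 2 } hash_alg_t;
typedef struct {
    hash_alg_t alg;      /* algorithm the key was created with */
    size_t     len;      /* valid bytes in data[] for that algorithm */
    uint8_t    data[64]; /* slot storage; bytes past len are not the key's */
} sign_key_t;
typedef struct { hash_alg_t alg; } sig_scheme_t; /* supplied by the caller */

static size_t digest_len(hash_alg_t a) {
    return a == ALG_SHA256 ? 32 : a == ALG_SHA512 ? 64 : 0;
}

/* BEFORE: length comes from the caller's scheme, never compared with the key. */
size_t stage_unchecked(const sign_key_t *k, const sig_scheme_t *s, uint8_t out[64]) {
    size_t n = digest_len(s->alg);
    memcpy(out, k->data, n); /* n may exceed k->len: reads past the key */
    return n;
}

/* AFTER: reject any scheme that does not match the key's algorithm. */
int stage_checked(const sign_key_t *k, const sig_scheme_t *s, uint8_t out[64], size_t *n) {
    size_t want = digest_len(s->alg);
    if (want == 0 || s->alg != k->alg || want != k->len)
        return -1; /* scheme/key mismatch: nothing is read */
    memcpy(out, k->data, want);
    *n = want;
    return 0;
}

/* Constructed sample: a SHA-256 key whose slot tail holds unrelated bytes. */
sign_key_t sample_key(void) {
    sign_key_t k = { ALG_SHA256, 32, {0} };
    memset(k.data, 0x11, 32);      /* the key's own bytes */
    memset(k.data + 32, 0xEE, 32); /* neighbouring bytes the key does not own */
    return k;
}

int main(void) {
    sign_key_t k = sample_key();
    sig_scheme_t bad = { ALG_SHA512 }; /* scheme does not match the key */
    uint8_t out[64]; size_t n = 0;
    printf("unchecked: %zu of %zu valid; checked: %d\n",
           stage_unchecked(&k, &bad, out), k.len, stage_checked(&k, &bad, out, &n));
    return 0;
}
```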

CVE-2025-47827 — Secure Boot Bypass in IGEL OS Before 11

Microsoft disclosed that “Secure Boot can be bypassed in IGEL OS before version 11 due to improper cryptographic signature verification in the igel-flash-driver module.” Attackers could mount an unverified SquashFS image to compromise system integrity.

CVE-2025-0033 — AMD RMP Corruption During SEV-SNP Initialization

A hardware-level flaw affecting AMD EPYC processors utilizing Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP). The bug results from a race condition during Reverse Map Table (RMP) initialization, potentially allowing a compromised hypervisor to modify RMP entries before they lock.

Microsoft clarified that while the issue does not expose plaintext data or secrets, it can still undermine the integrity of SEV-SNP guest memory.

This Patch Tuesday also officially concludes Microsoft’s decade-long journey with Windows 10, with the KB5066791 cumulative update being the final one. As the company transitions users to Windows 11 and beyond, administrators are advised to prioritize upgrading systems to ensure continued access to security patches and new features.
