{“lastseen”:”2025-10-14T22:39:52″,”description”:”As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know.\\n\\n## Microsoft Patch Tuesday for October 2025\\n\\nThis month’s release addresses a staggering **193** vulnerabilities, including **nine** critical and 123 important-severity vulnerabilities.\\n\\nIn this month’s updates, Microsoft has addressed **six** zero-day vulnerabilities. **Four** of them are being publicly exploited, and **two** are publicly disclosed.\\n\\nMicrosoft has addressed **14** vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.\\n\\nThis Patch Tuesday edition marks the end of an era, with the Windows 10 reaching the end of its support lifecycle. Microsoft has released the Windows 10 KB5066791 cumulative update, the final cumulative update for the operating system.\\n\\nMicrosoft Patch Tuesday, October edition, includes updates for vulnerabilities in Windows NTFS, Windows Cloud Files Mini Filter Driver, Windows NTLM, Windows Remote Desktop Protocol, Windows Remote Desktop Services, Windows Local Session Manager (LSM), and more.\\n\\nFrom elevation of privilege flaws to remote code execution risks, this month’s patches are essential for organizations aiming to maintain a robust security posture.\\n\\nThe October 2025 Microsoft vulnerabilities are classified as follows:\\n\\n**Vulnerability Category**| **Quantity**| **Severities** \\n—|—|— \\nSpoofing Vulnerability| 10| Important: 10 \\nSecurity Feature Bypass| 11| Important: 11 \\nDenial of Service Vulnerability| 11| Important: 11 \\nElevation of Privilege Vulnerability| 81| Critical: 3 \\nImportant: 78 \\nInformation Disclosure Vulnerability| 28 | Important: 28 \\nRemote Code Execution Vulnerability| 31| Critical: 5 \\nImportant: 26 \\n \\n## Zero-day Vulnerabilities Patched in October Patch Tuesday Edition\\n\\n### **CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerability **\\n\\nThe Windows Agere Modem Driver is a software component that allows a computer to communicate with an Agere (or LSI) modem, often a dial-up or fax modem integrated into older computers. \\n\\nThe vulnerability exists in the third-party Agere Modem driver that ships natively with supported Windows operating systems. The driver has been removed in the October cumulative update. Successful exploitation of the vulnerability may allow an attacker to gain administrator privileges. \\n\\nCISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before November 4, 2025. \\n\\n### CVE-2025-59230: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability\\n\\nWindows Remote Access Connection Manager (RASMan) is a core Windows service that manages dial-up and Virtual Private Network (VPN) connections, allowing your computer to connect to remote networks securely.\\n\\nAn improper access control flaw in Windows Remote Access Connection Manager may allow an authenticated attacker to elevate privileges locally. Upon successful exploitation of the vulnerability, an attacker could gain SYSTEM privileges.\\n\\nCISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch it before November 4, 2025.\\n\\n### CVE-2025-24052: Windows Agere Modem Driver Elevation of Privilege Vulnerability\\n\\nThe vulnerability exists in the third-party Agere Modem driver that ships natively with supported Windows operating systems. The driver has been removed in the October cumulative update. Successful exploitation of the vulnerability may allow an attacker to gain administrator privileges.\\n\\n### CVE-2025-2884: Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation\\n\\nMicrosoft mentioned in the advisory that \\”CVE-2025-2884 is regarding a vulnerability in the CG TPM2.0 Reference implementation’s CryptHmacSign helper function that is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key’s algorithm.\\n\\nCERT\/CC created this CVE on their behalf. The documented Windows updates incorporate CG TPM2.0 Reference implementation updates, which address this vulnerability.\\”\\n\\n### CVE-2025-47827: MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11\\n\\nMicrosoft describes, \\”In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. A crafted root filesystem can be mounted from an unverified SquashFS image.\\”\\n\\n### CVE-2025-0033: AMD CVE-2025-0033: RMP Corruption During SNP Initialization\\n\\nThe vulnerability exists in AMD EPYC processors using Secure Encrypted Virtualization \u2013 Secure Nested Paging (SEV-SNP). It involves a race condition during Reverse Map Table (RMP) initialization that could allow a malicious or compromised hypervisor to modify RMP entries before they are locked, potentially impacting the integrity of SEV-SNP guest memory. This vulnerability does not expose plaintext data or secrets and requires privileged control of the hypervisor to exploit.\\n\\n## **Critical Severity Vulnerabilities Patched in October Patch Tuesday Edition **\\n\\n### CVE-2025-59234: Microsoft Office Remote Code Execution Vulnerability\\n\\nA use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally. An attacker must send the user a malicious file and convince the user to open it.\\n\\n### CVE-2025-49708: Windows Graphics Component Remote Code Execution Vulnerability\\n\\nA use-after-free flaw in Microsoft Graphics Component could allow an authenticated attacker to execute code over a network. Upon successful exploitation of the vulnerability, an attacker could gain SYSTEM privileges.\\n\\n### CVE-2025-59291: Confidential Azure Container Instances Elevation of Privilege Vulnerability\\n\\nExternal control of file name or path in Azure Compute Gallery could allow an authenticated attacker to elevate privileges locally. An attacker could trick the system into mounting a malicious file share to a sensitive location, leading to remote code execution.\\n\\n### CVE-2025-59292: Azure Compute Gallery Elevation of Privilege Vulnerability\\n\\nAzure Compute Gallery is a service for centrally creating, managing, and sharing custom Virtual Machine (VM) images and other compute resources within and across organizations.\\n\\nExternal control of the file name or path in Azure Compute Gallery could allow an authenticated attacker to elevate privileges locally. An attacker could trick the system into mounting a malicious file share to a sensitive location, leading to remote code execution.\\n\\n### CVE-2025-59227: Microsoft Office Remote Code Execution Vulnerability\\n\\nA use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally.\\n\\n### CVE-2025-59287: Windows Server Update Service (WSUS) Remote Code Execution Vulnerability\\n\\nWindows Server Update Service (WSUS) is a feature of Windows Server that allows IT administrators to manage the download and distribution of Microsoft product updates to computers on a local network.\\n\\nAn unauthenticated attacker can execute code over a network by deserializing untrusted data in the Windows Server Update Service. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.\\n\\n### CVE-2016-9535: MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability\\n\\ntif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile sizes like YCbCr with subsampling. Reported as MSVR 35105, aka \\”Predictor heap-buffer-overflow.\\n\\n### CVE-2025-59236: Microsoft Excel Remote Code Execution Vulnerability\\n\\nA use-after-free flaw in Microsoft Office could allow an unauthenticated attacker to execute code locally.\\n\\n### CVE-2025-59246: Azure Entra ID Elevation of Privilege Vulnerability\\n\\nSuccessful exploitation of the vulnerability may allow an attacker to elevate privileges.\\n\\n## Other Microsoft Vulnerability Highlights\\n\\n * **CVE-2025-48004** is an elevation of privilege vulnerability in the Microsoft Brokering File System. An attacker must win a race condition to exploit the vulnerability. Upon successful exploitation, an attacker could gain SYSTEM privileges.\\n * **CVE-2025-55676** is an information disclosure vulnerability in the Windows USB Video Class System Driver. Successful exploitation of the vulnerability could allow the disclosure of certain memory addresses within kernel space.\\n * **CVE-2025-55681** is an elevation of privilege vulnerability in Desktop Windows Manager. An out-of-bounds read flaw may allow an attacker to gain SYSTEM privileges.\\n * **CVE-2025-58722** is an elevation of privilege vulnerability in Microsoft DWM Core Library. A heap-based buffer overflow in Windows DWM may allow an attacker to gain SYSTEM privileges.\\n * **CVE-2025-59199** is an elevation of privilege vulnerability in the Software Protection Platform (SPP). The improper access control flaw may allow an unauthenticated attacker to elevate privileges locally.\\n * **CVE-2025-55680** is an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. Upon successful exploitation, an attacker could gain SYSTEM privileges.\\n * **CVE-2025-55692** is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who successfully exploited this vulnerability could gain administrator privileges.\\n * **CVE-2025-55693** is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. An attacker who successfully exploits the vulnerability could crash the system by exploiting the use-after-free vulnerability, even as a standard user.\\n * **CVE-2025-55694** is an elevation of privilege vulnerability in the Windows Error Reporting Service. An attacker who exploits this vulnerability could gain administrator privileges.\\n * **CVE-2025-59194** is an elevation of privilege vulnerability in the Windows Kernel. An attacker must win a race condition to exploit the vulnerability. Successful exploitation of the vulnerability may allow an authenticated attacker to elevate privileges locally.\\n * **CVE-2025-59502** is a denial-of-service vulnerability in the Remote Procedure Call. An uncontrolled resource consumption flaw could allow an unauthenticated attacker to deny service over a network.\\n\\n\\n\\n## Microsoft Release Summary\\n\\nThis month’s release notes cover multiple Microsoft product families and products\/versions affected, including, but not limited to, Agere Windows Modem Driver, Microsoft PowerShell, Windows Failover Cluster, Azure Connected Machine Agent, Microsoft Brokering File System, Virtual Secure Mode, Microsoft Graphics Component, Windows Kernel, Windows Device Association Broker service, Windows Digital Media, Windows Hello, Windows Virtualization-Based Security (VBS) Enclave, Xbox, Microsoft Exchange Server, Visual Studio, .NET, .NET, .NET Framework, Visual Studio, ASP.NET Core, Microsoft Configuration Manager, Azure Monitor, Windows Storage Management Provider, Connected Devices Platform Service (Cdpsvc), Windows Hyper-V, Windows BitLocker, Windows PrintWorkflowUserSvc, Windows NDIS, Windows USB Video Driver, Windows DirectX, Windows DWM, Windows Resilient File System (ReFS), Windows Error Reporting, Windows WLAN Auto Config Service, NtQueryInformation Token function (ntifs.h), Azure Local, Windows Routing and Remote Access Service (RRAS), Microsoft Windows, Windows Ancillary Function Driver for WinSock, Microsoft Windows Speech, Remote Desktop Client, Windows Cryptographic Services, Windows COM, Windows SMB Server, Windows Connected Devices Platform Service, Windows Bluetooth Service, Inbox COM Objects, Windows Remote Desktop, Windows File Explorer, Windows High Availability Services, Windows Core Shell, Microsoft Windows Search Component, Storport.sys Driver, Windows Management Services, Windows SSDP Service, Windows ETL Channel, Software Protection Platform (SPP), Data Sharing Service Client, Network Connection Status Indicator (NCSI), Windows StateRepository API, Windows Resilient File System (ReFS) Deduplication Service, Windows MapUrlToZone, Windows Push Notification Core, Azure Entra ID, Microsoft Office Word, Microsoft Office Excel, Microsoft Office Visio, Microsoft Office, Microsoft Office SharePoint, Windows Remote Access Connection Manager, Microsoft Office PowerPoint, Windows Health and Optimized Experiences Service, Azure PlayFab, JDBC Driver for SQL Server, Copilot, Windows DWM Core Library, Active Directory Federation Services, Microsoft Failover Cluster Virtual Driver, Redis Enterprise, Windows Authentication Methods, Windows SMB Client, XBox Gaming Services, Azure Monitor Agent, Windows Server Update Service, GitHub, Confidential Azure Container Instances, Windows Taskbar Live, Internet Explorer, Microsoft Defender for Linux, Windows Remote Procedure Call, AMD Restricted Memory Page, Microsoft Edge (Chromium-based), TCG TPM2.0, Windows Secure Boot, Microsoft Windows Codecs Library, and Games. \\n\\nThe next Patch Tuesday falls on November 11, and we will be back with details and patch analysis. Until next Patch Tuesday, stay safe and secure. Be sure to subscribe to ‘This Month in Vulnerabilities and Patch’s webinar.’\\n\\n## Qualys Monthly Webinar Series\\n\\nThe Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management. Combining these two solutions can reduce the median time to remediate critical vulnerabilities.\\n\\nDuring the webcast, we will discuss this month’s high-impact vulnerabilities, including those that are a part of this month’s Patch Tuesday alert. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.\\n\\n* * *\\n\\n**Join the webinar**\\n\\n**This Month in Vulnerabilities \\u0026 Patches**\\n\\nRegister Now”,”published”:”2025-10-14T19:19:50″,”modified”:”2025-10-14T19:19:50″,”type”:”qualysblog”,”title”:”Microsoft Patch Tuesday, October 2025 Security Update Review”,”source”:””,”references”:””,”id”:”QUALYSBLOG:EE678F249ADCB3828C652EFC8102A133″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2016-9535″,”CVE-2025-0033″,”CVE-2025-24052″,”CVE-2025-24990″,”CVE-2025-2884″,”CVE-2025-47827″,”CVE-2025-48004″,”CVE-2025-49708″,”CVE-2025-55676″,”CVE-2025-55680″,”CVE-2025-55681″,”CVE-2025-55692″,”CVE-2025-55693″,”CVE-2025-55694″,”CVE-2025-58722″,”CVE-2025-59194″,”CVE-2025-59199″,”CVE-2025-59227″,”CVE-2025-59230″,”CVE-2025-59234″,”CVE-2025-59236″,”CVE-2025-59246″,”CVE-2025-59287″,”CVE-2025-59291″,”CVE-2025-59292″,”CVE-2025-59502″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.9,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:”3.0″,”vectorString”:”CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”baseScore”:9.8,”baseSeverity”:”CRITICAL”,”attackVector”:”NETWORK”,”attackComplexity”:”LOW”,”privilegesRequired”:”NONE”,”userInteraction”:”NONE”,”scope”:”UNCHANGED”,”confidentialityImpact”:”HIGH”,”integrityImpact”:”HIGH”,”availabilityImpact”:”HIGH”}},”href”:”https:\/\/blog.qualys.com\/category\/vulnerabilities-threat-research”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-14T22:39:52″,”description”:”As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,45,12,13,120,7,11,5],"class_list":["post-21770","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-99","tag-exploit","tag-news","tag-qualysblog","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n