Summary:  Microsoft’s October 2025 Patch Tuesday fixes 175 security vulnerabilities in the products Windows, Office, Azure, and .NET and others. It includes patches for 6 – zero-day vulnerabilities where three vulnerabilities have been exploited and three publicly known vulnerabilities.  

Microsoft advises immediate deployment of updates and removal of affected drivers, while assessing legacy fax hardware for compatibility issues introduced by the driver removal in this month update.

The October 2025 security updates address critical and important vulnerabilities across a broad range of Microsoft products and services. 

OEM	Microsoft
Severity	Critical
Date of Announcement	2025-10-14
No. of Patches	175
Actively Exploited	Yes
Exploited in Wild	Yes
Advisory Version	1.0

Overview 

Major fixes address serious remote code execution issues in Office and WSUS, along with privilege escalation vulnerabilities in Windows and Azure. The update also removes the Agere Modem driver, which could affect older fax devices. Users & Administrator are urged to update the patch to immediately to stay protected. 

Here are the CVE addresses for Microsoft & non-Microsoft:  

• 175 Microsoft CVEs addressed 

• 21 non-Microsoft CVEs addressed (Republished) 

Breakdown of October 2025 Vulnerabilities 

• 80 Elevation of Privilege (EoP) 

• 31 Remote Code Execution (RCE) 

• 28 Information Disclosure 

• 11 Denial of Service (DoS) 

• 11 Security Feature Bypass 

• 12 Spoofing  

• 2 Tampering 

Source: Microsoft 

Vulnerability Name	CVE ID	Product Affected	Severity	CVSS Score
Windows Agere Modem Driver Elevation of Privilege Vulnerability	CVE-2025-24990	Windows 10, 11, Server 2016-2022	High	7.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability	CVE-2025-59230	Windows 10, 11, Server 2016-2022	High	7.8
Secure Boot Bypass Vulnerability in IGEL OS	CVE-2025-47827	IGEL OS	Medium	4.6
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability	CVE-2025-59287	Windows Server	Critical	9.8
Microsoft Office Remote Code Execution Vulnerability	CVE-2025-59234	Microsoft Office	High	7.8
Microsoft Excel Remote Code Execution Vulnerability	CVE-2025-59236	Microsoft Excel (2016-2021)	High	8.4

Technical Summary 

October 2025 Patch Tuesday includes security updates addresses remote code execution, privilege escalation and information disclosure vulnerabilities in core Windows components, Office applications and Azure cloud services.

3 zero-days are actively exploited, including CVE-2025-24990 in the Agere Modem driver, where attackers can abuse the third-party component to gain administrative privileges without needing the modem hardware active, leading to local system compromise.  

Additionally, exposes improper access controls in Windows Remote Access Connection Manager, enabling authorized attackers to escalate to SYSTEM privileges with moderate effort.  

CVE ID	System Affected	Vulnerability Details	Impact
CVE-2025-24990	Windows Agere Modem Driver	Third-party driver abused for admin privileges; removed in updates, may break fax modem hardware	Privilege Escalation
CVE-2025-59230	Windows Remote Access Connection Manager	Improper access control allows local attackers to gain SYSTEM privileges	Privilege Escalation
CVE-2025-47827	IGEL OS < v11	Improper cryptographic signature verification enables Secure Boot bypass via crafted root filesystem	Security Feature Bypass
CVE-2025-59287	Windows Server Update Service	Deserialization of untrusted data allows unauthenticated RCE over networks, prime for supply-chain attacks	Remote Code Execution
CVE-2025-59234	Microsoft Office (2016-2021)	Use-after-free in Office allows RCE via malicious files, no authentication required	Remote Code Execution
CVE-2025-59236	Microsoft Excel (2016-2021)	Use-after-free in Excel enables RCE via malicious files, potentially leading to system control	Remote Code Execution

Source: Microsoft 

In addition to several other publicly exploited Zero-Day & Critical severity issues were addressed 

• CVE-2025-0033: AMD SEV-SNP Flaw – Race condition in AMD EPYC processors allows hypervisor to tamper with guest memory; needs privileged access. (Critical) 

• CVE-2025-24052: Windows Agere Modem EoP – Flaw in modem driver enables local admin privilege escalation; driver removed, may affect fax hardware. (High) 

• CVE-2025-2884: TCG TPM 2.0 Vulnerability – Out-of-bounds read in TPM cause info disclosure or DoS, impacting secure boot. (Medium) 

• CVE‑2025‑49708: Microsoft Graphics Component EoP – Memory corruption enables network-based privilege escalation.  (Critical) 

• CVE-2025-59227: Microsoft Office RCE – Use-after-free affecting multiple Office versions. (Critical) 

• CVE-2016-9535: LibTIFF Heap Buffer Overflow – RCE via malformed TIFF files in image processing. (Critical) 

• CVE-2025-59291 & CVE-2025-59292: Azure Container Instances/Compute Gallery EoP – External file path control for local privilege escalation. (Critical) 

Key Affected Products and Services 

• Windows Core and Security Components 

Updates for Windows Kernel, NTFS, BitLocker, NTLM, SMB, WinSock, PrintWorkflowUserSvc and Remote Desktop Services, with several vulnerabilities rated CVSS 7.8 or higher. 

• Microsoft Office Suite 

Patches for Excel, Word, PowerPoint, Visio, and SharePoint addressing RCE and information disclosure issues, particularly via malicious file execution. 

• Azure and Cloud Services 

Fixes for Azure Entra ID, Monitor Agent, Connected Machine Agent, PlayFab and Confidential Container Instances. 

• Virtualization and Hyper-V 

Vulnerabilities in Hyper-V and Virtual Secure Mode, including privilege escalation and DoS risks. 

• Developer and Management Tools 

Updates for PowerShell, Visual Studio and Configuration Manager addressing local privilege escalation. 

• Communication & File Services 

Patches for SMB, WSUS, and Connected Devices Platform with critical RCE and lateral movement risks. 

• Browsers and Web Technologies 

Microsoft Edge (Chromium-based) updates, including republished Chrome CVEs. 

Remediation: 

• Install the October 2025 security updates immediately to mitigate risks. 

Here are some recommendations below  

• Use EDR tools to monitor any indicators like Office crashes or logs. 

• Disable unused services to prevent any remote access or other exploitation. 

• Apply least privilege access in Office and Azure environments. 

• Segment networks to reduce any lateral movement. 

Conclusion: 
Critical RCE flaws in Office and WSUS, along with privilege escalation bugs, pose significant risks for ransomware, data theft and lateral movement. Administrator, users & security teams should deploy patches immediately, enhance monitoring and apply mitigations to reduce exposure. 

References: 

• https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct 

• https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/