Microsoft’s October 2025 Patch Tuesday delivers fixes for 172 security issues, including six zero-days. Three were actively exploited before patches; three were publicly exposed. Windows 10 also reaches the final day of free security support. Key numbers, components, and source links appear below.
What happened on October 14, 2025
Microsoft released cumulative updates addressing 172 vulnerabilities. The company identified six zero-day issues: three exploited in attacks and three publicly disclosed. The set includes eight Critical-severity flaws: five permit remote code execution, and three enable elevation of privilege, as reported by BleepingComputer. Advisory entries in Microsoft’s guide list affected products, CVEs, and severity.
Vulnerability categories in this release
- Elevation of Privilege: 80
- Security Feature Bypass: 11
- Remote Code Execution: 31
- Information Disclosure: 28
- Denial of Service: 11
- Spoofing: 10
Context: Windows 10 support milestone
Windows 10 reaches the end of free security updates with this cycle. Microsoft offers Extended Security Updates (ESU) for an additional period. Details appear in Microsoft’s security update documentation and release notes.
Which zero-days were fixed
The table lists the six zero-day entries referenced in reporting and advisories. Links point to Microsoft’s Security Update Guide or the original disclosures. Descriptions below mirror vendor language and public write-ups.
CVE | Component | Type | Status noted |
---|---|---|---|
CVE-2025-24990 | Agere Modem driver (ltmdm64.sys) | Elevation of Privilege | Exploited in the wild |
CVE-2025-59230 | Remote Access Connection Manager (RasMan) | Elevation of Privilege | Exploited in the wild |
CVE-2025-47827 | IGEL OS Secure Boot | Secure Boot bypass | Exploited in the wild |
CVE-2025-0033 | AMD SEV-SNP (RMP initialization) | Integrity impact | Publicly disclosed |
CVE-2025-24052 | Agere Modem driver | Elevation of Privilege | Publicly disclosed |
CVE-2025-2884 | TCG TPM 2.0 reference implementation | Out-of-Bounds read | Publicly disclosed |
Notes from advisories and disclosures
- Microsoft removed the Agere ltmdm64.sys driver from supported Windows builds. The company notes that fax-modem hardware may stop functioning after removal. See the advisory linked under CVE-2025-24990.
- RasMan exploitation required local access and preparatory steps to escalate to SYSTEM, per Microsoft’s description for CVE-2025-59230.
- The IGEL OS Secure Boot issue allowed a crafted SquashFS image to bypass signature checks. The public write-up is available on GitHub: CVE-2025-47827.
- AMD’s SEV-SNP item concerns a race condition in Reverse Map Table initialization. AMD’s bulletin is AMD SB-3020.
- The Trusted Computing Group published a PDF advisory for the TPM 2.0 issue referenced as CVE-2025-2884 and detailed in the TCG advisory.
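Because the driver removal noted above can leave fax-modem hardware non-functional, an inventory of hosts that still carry or depend on ltmdm64.sys is a practical check around this update. The script below is an added example, not Microsoft's tooling; it assumes the default %SystemRoot%\System32\drivers location and uses only standard CIM classes.

```powershell
# Added example: inventory one host for the Agere modem driver named on this page.
# Assumption: the driver binary lives in the default %SystemRoot%\System32\drivers directory.
$driverFile = 'ltmdm64.sys'

# 1. Is the binary still present on disk?
$defaultPath = Join-Path $env:SystemRoot "System32\drivers\$driverFile"
$onDisk = Test-Path -LiteralPath $defaultPath

# 2. Is a kernel driver service registered whose image path ends in that file?
$services = @(Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$driverFile" })

# 3. Which Plug and Play devices are bound to those driver services?
#    These are the devices that may stop working once the driver is removed.
$serviceNames = @($services | ForEach-Object { $_.Name })
$devices = @()
if ($serviceNames.Count -gt 0) {
    $devices = @(Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.Service -and ($serviceNames -contains $_.Service) })
}

# One summary object per host, suitable for Export-Csv when run fleet-wide.
[pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    FileOnDisk     = $onDisk
    FileVersion    = if ($onDisk) { (Get-Item -LiteralPath $defaultPath).VersionInfo.FileVersion } else { $null }
    DriverServices = ($services | ForEach-Object { "$($_.Name) [$($_.State), $($_.StartMode)]" }) -join '; '
    BoundDevices   = ($devices | ForEach-Object { $_.Name }) -join '; '
}
```

A host that reports entries under BoundDevices has hardware relying on the driver; a host with FileOnDisk true after the October update has been applied warrants a check that the update actually installed.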
How Microsoft framed overall risk without speculation
The counts distribute across privilege escalation, code execution, information leak, spoofing, and service disruption. The zero-day entries carry explicit exploitation or disclosure status. Several fixes integrate partner-assigned CVEs, including those from IGEL and TCG. For recent context on enterprise infrastructure risk during patch windows, see our earlier coverage of the F5 Networks breach.
Additional vendor activity this month
Other companies issued updates during October 2025. These items help readers understand broader patch loads overlapping with Microsoft’s cycle.
- Adobe Security Bulletins
- Cisco PSIRT advisories
- DrayTek Vigor pre-auth RCE report
- BleepingComputer coverage
- Microsoft Security Update Guide
- Microsoft definition of zero-day