End of Support for Microsoft Office 2016 and Office 2019

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade.

SonicWall has confirmed that all customers using its cloud backup service had firewall configuration files accessed by an unauthorized actor. The accessed backup files contain AES-256-encrypted credentials and configuration data, increasing the risk of targeted attacks. The breach, initially detected in early September 2025, was caused by brute-force attacks. SonicWall has advised customers to reset credentials, update secrets, and follow detailed guidance to mitigate potential risks. The company has cut off attackers' access and is collaborating with Mandiant and law enforcement agencies. Additionally, the Akira ransomware group has been targeting unpatched SonicWall devices, exploiting a year-old security flaw (CVE-2024-40766) and bypassing MFA on VPN accounts using previously stolen OTP seeds. There is no evidence that threat actors have leveraged exposed data against impacted customers in attacks at this time. In September 2025, SonicWall disclosed a security breach affecting MySonicWall accounts, resulting in the exposure of firewall configuration backup files for all customers using the cloud backup service. The breach, caused by a series of brute-force attacks, could facilitate easier exploitation of SonicWall firewalls by threat actors. SonicWall has advised customers to reset credentials, update secrets, and follow detailed guidance to mitigate potential risks. The company has cut off attackers' access and is collaborating with cybersecurity and law enforcement agencies. The exposed files may contain sensitive information, such as credentials and tokens, for services running on SonicWall devices. Additionally, the Akira ransomware group has been targeting unpatched SonicWall devices, exploiting a year-old security flaw (CVE-2024-40766) and bypassing MFA on VPN accounts using previously stolen OTP seeds. SonicWall confirmed that attackers accessed the API service for cloud backup and there is no evidence that threat actors have leveraged exposed data against impacted customers in attacks at this time. The threat actor UNC6148 has been deploying the OVERSTEP malware, a previously unknown persistent backdoor/user-mode rootkit, to maintain persistent access, steal sensitive credentials, and conceal its own components. The malware modifies the appliance's boot process to evade detection and hide files and activity. UNC6148 may have used an unknown zero-day remote code execution vulnerability to deploy OVERSTEP on SonicWall SMA appliances. Potential vulnerabilities exploited by UNC6148 include CVE-2021-20038, CVE-2024-38475, CVE-2021-20035, CVE-2021-20039, and CVE-2025-32819. SonicWall has advised customers to look for signs of compromise, such as gaps or deletions in SMA logs, unexpected appliance reboots, persistent admin sessions, unauthorized configuration changes, and reoccurring access following patching or resets. CISA recommends upgrading firmware, replacing and rebuilding SMA 500v, resetting OTP bindings, enforcing MFA, resetting passwords, and replacing certificates with private keys stored on the appliance. Over 100 SonicWall SSL VPN accounts across 16 customer accounts have been compromised. The compromised accounts were accessed rapidly, indicating the use of valid credentials rather than brute-forcing. The compromised accounts were accessed from the IP address 202.155.8[.]73. In some cases, threat actors conducted network scanning and attempted to access local Windows accounts. Huntress has not found evidence linking the breach to the recent spike in compromises.

Microsoft Exchange Server 2016 and 2019 have reached the end of extended support on October 14, 2025. After this date, Microsoft will no longer provide technical support, bug fixes, time zone updates, or security patches for these versions. Administrators are urged to migrate to Exchange Online or upgrade to Exchange Server Subscription Edition (SE) to maintain support and security. Exchange 2016 and 2019 will continue to operate after October 14, 2025, but running these versions will expose organizations to potential security risks. Microsoft reminded administrators in January and September 2025 that Exchange Server 2016 and 2019 would reach the end of support in October 2025.

Microsoft has ended support for Windows 10 on October 14, 2025. This includes all editions of Windows 10 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015. After this date, no further security updates, bug fixes, or technical assistance will be provided. Users must upgrade to Windows 11 or enroll in the Extended Security Updates (ESU) program to continue receiving support. A significant proportion of individual users and organizations still run the Windows 10 operating system, raising significant cybersecurity concerns. Over 40% of global endpoints still run Windows 10, and 26% of UK Windows 10 users do not plan to upgrade. The UK's National Cyber Security Centre (NCSC) has urged customers to upgrade before October 11, 2025, highlighting past exploits of unpatched legacy systems. Experts warn of increased targeting of Windows 10 flaws post end-of-life date. The end of support affects Windows 10 Home, Pro, Enterprise, Education, and IoT Enterprise editions. Microsoft advises users to migrate to Windows 11 or use the ESU program, which offers one year of extended support for a fee. Alternatively, users can switch to Long-Term Servicing Channel (LTSC) releases for specialized devices. Microsoft will allow individual customers in the European Economic Area (EEA) to enroll in the ESU program for free if they use a Microsoft account to enroll and log in to Windows.

Microsoft has issued multiple alerts to users to upgrade from Windows 11 23H2 Home and Pro editions, which will reach end of support on November 11, 2025. After this date, these editions will no longer receive security updates or protections from the latest threats. Users are advised to upgrade to Windows 11 24H2, also known as the Windows 11 2024 Update. Enterprise and Education editions will continue to receive support until November 10, 2026. The end of support for Windows 11 23H2 Home and Pro editions will leave devices running these versions vulnerable to security threats. Users must upgrade to the latest version to continue receiving security updates and protections. Microsoft has also announced that Windows 11 22H2 Home and Pro editions will reach end of support on October 14, 2025. Windows 11 25H2, also known as the Windows 11 2025 Update, is available to all eligible Windows 11 24H2 devices.