CyberHappenings logo

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

First reported
Last updated
5 unique sources, 6 articles

Summary

Hide ▲

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade.

Timeline

  1. 15.10.2025 01:57 2 articles · 1d ago

    Microsoft Office vulnerabilities CVE-2025-59227 and CVE-2025-59234 exploit Preview Pane

    CVE-2025-59227 and CVE-2025-59234 are remote code execution bugs in Microsoft Office that exploit the Preview Pane, allowing attackers to execute code without the target opening the file. This vulnerability requires social engineering to trick the target into previewing a malicious email with an Office document.

    Show sources
  2. 15.10.2025 01:57 2 articles · 1d ago

    Microsoft Word automatically saves documents to OneDrive

    Microsoft Word will now automatically save documents to OneDrive, with an option to disable this feature in Word's settings. This change affects all users, and guidance is provided for those who prefer not to use OneDrive for document storage.

    Show sources
  3. 15.10.2025 01:57 2 articles · 1d ago

    End-of-life for multiple Microsoft products, including Windows 10

    Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade.

    Show sources
  4. 14.10.2025 21:02 6 articles · 1d ago

    Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

    The final cumulative update for Windows 10 is KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. The update includes fixes for issues with the Chinese Input Method Editor (IME), USER32 Edit controls, PowerShell Remoting, and WinRM. It also introduces a servicing stack update (SSU) with an updated certificate chain for Azure environment validation. The update removes the ltmdm64.sys driver, affecting fax modem hardware dependent on this driver. The update fixes an issue with SMBv1 protocol connectivity and Windows Autopilot Enrollment Status Page (ESP). The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The article provides additional details on the zero-day vulnerabilities fixed in the October 2025 Patch Tuesday update, including CVE-2025-24990 in the Agere Modem driver and CVE-2025-59230 in Windows Remote Access Connection Manager. It also highlights critical vulnerabilities in Microsoft Office and the Windows Server Update Service (WSUS). The article discusses the end-of-life for multiple Microsoft products, including Windows 10, and offers alternatives for users, such as Extended Security Updates (ESU) and Linux. Additionally, it mentions the automatic saving of Microsoft Word documents to OneDrive and provides guidance for users who prefer not to use this feature. The article also details the active exploitation of three zero-day flaws: CVE-2025-59230 in the Windows Remote Access Connection Manager, CVE-2025-24990 in the Agere Modem driver, and CVE-2025-47827 in IGEL OS. The article discusses the removal of the Agere Modem driver due to security risks and the lack of a patch for CVE-2025-0033 in AMD EPYC processors. Additionally, it mentions the public disclosure of three zero-day vulnerabilities: CVE-2025-0033, CVE-2025-24052, and CVE-2025-2884.

    Show sources

Information Snippets

Similar Happenings

F5 BIG-IP Source Code and Vulnerability Information Stolen in Cyberattack

F5 has released security updates to address 44 vulnerabilities, including those stolen in a breach detected on August 9, 2025. The company has not found evidence that the stolen information has been used in actual attacks or disclosed publicly. The breach was attributed to a highly sophisticated nation-state threat actor, and F5 has taken extensive actions to contain the threat. F5's BIG-IP is a critical product used in application delivery networking and traffic management by many large enterprises. The company has 23,000 customers in 170 countries, including 48 of the Fortune 50 entities. The breach did not compromise F5's software supply chain or result in suspicious code modifications. The company has validated the safety of BIG-IP releases through multiple independent reviews by leading cybersecurity firms and has advised users to apply the latest updates for BIG-IP and related products. The breach involved a nation-state threat actor gaining persistent, long-term access to F5's product development environment and engineering knowledge management platforms. F5 disclosed the breach on October 15, 2025, confirming that the attack was detected in August 2025. The threat actor exfiltrated files containing BIG-IP source code and information regarding undisclosed vulnerabilities. F5 has not found evidence of access to or exfiltration of data tied to its CRM, financial, support case management, or iHealth systems, nor the NGINX source code or product development environment. F5 has identified no evidence of modification to its software supply chain, including source code, build pipeline, and release pipeline. F5 has worked with multiple incident response firms and law enforcement to mitigate the event and believes it has contained the threat. F5 has rotated credentials, strengthened access controls, deployed improved inventory and patch management automation, integrated better monitoring and detection tools, and implemented enhancements to network security infrastructure. F5 advises customers to apply the latest BIG-IP updates and has shared guidance for hardening customers' systems. On October 15, 2025, CISA directed federal civilian executive branch (FCEB) agencies to inventory F5 BIG-IP products and apply updates where necessary. The US government has urged federal agencies to take immediate action after F5 revealed it had been breached by a nation-state actor. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive demanding that federal agencies evaluate if the networked management interfaces are accessible from the public internet and apply updates from F5. CISA warned that the threat actor's access to the F5 development environment could enable it to conduct static and dynamic analysis to discover logical flaws, zero-day vulnerabilities, and targeted exploits. The Justice Department ordered a delay in public disclosure of the breach on September 12, 2025. F5 has improved internal security including access controls, inventory and patch management, network security, and monitoring of all software development platforms. Tom Kelermann, VP of cyber risk at Hitrust, argued that the F5 breach is likely to be the first stage in a supply chain campaign. Ilia Kolochenko, CEO of ImmuniWeb, agreed that the stolen IP could be used to craft zero-day exploits for subsequent APT campaigns.

Microsoft Releases October 2025 Patch Tuesday Updates for Windows 11

Microsoft has released Windows 11 cumulative updates KB5066835 and KB5066793 for versions 25H2/24H2 and 23H2. These updates address security vulnerabilities and various issues. The updates are mandatory as they include the October 2025 Patch Tuesday security patches. The updates fix several issues across different components, including browsers, gaming, PowerShell, Windows Hello, and more. Additionally, new features and improvements have been introduced, such as enhanced AI actions in File Explorer and improved accessibility features in Narrator. The updates also mark the second-to-last update for Windows 11 23H2, as its support ends in November 2025.

Legacy Operating Systems in Enterprise Networks

A recent analysis by runZero found that 8.56% of assets in enterprise networks are running end-of-life operating systems, with 5% of all observed assets already beyond security support as of September 30, 2025. This includes critical systems that cannot be upgraded due to compatibility issues. The upcoming end-of-life of Windows 10 on October 14, 2025, will significantly expand the attack surface, as one-third of all Windows systems worldwide are still running Windows 10. This situation poses a significant risk, as attackers can exploit vulnerabilities in these outdated systems, which will no longer receive security updates. Organizations need to be aware of the presence of these legacy systems and assess their security posture accordingly.

Microsoft to provide free Windows 10 security updates in EEA

Microsoft will offer free extended security updates for Windows 10 in the European Economic Area (EEA). The decision follows pressure from Euroconsumers, a consumer protection organization, and aims to ensure compliance with the Digital Markets Act (DMA). The updates will be available without requiring users to back up settings, apps, or credentials, or use Microsoft Rewards. Windows 10 support is set to end on October 14, 2025.

Steam to end support for 32-bit Windows in January 2026

Valve has announced that Steam will stop supporting 32-bit versions of Windows starting January 2026. This change affects a small fraction of users, as only 0.01% of Steam users are on 32-bit systems. The move is necessary because core Steam features rely on system drivers and libraries not supported on 32-bit Windows. Users are urged to upgrade to 64-bit versions of Windows to maintain compatibility and receive updates. Existing Steam installations on 32-bit systems will continue to function but will not receive further updates, including security patches. Microsoft has also announced that all versions of Windows 10 will reach end of support on October 14, 2025, with options for users to upgrade to Windows 11 or enroll in the Extended Security Updates (ESU) program.