Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

5 unique sources, 10 articles

Summary

Microsoft's October 2025 Patch Tuesday marked the end of free security updates for Windows 10, addressing 183 vulnerabilities, including six zero-days, with the final cumulative update **KB5066791**. The update also introduced critical fixes for components like Windows SMB Server, Microsoft SQL Server, and Remote Access Connection Manager, alongside third-party vulnerabilities in AMD EPYC processors and IGEL OS. However, a newly disclosed **February 2026 Patch Tuesday** update fixed **CVE-2026-20841**, a high-severity remote code execution flaw in **Windows 11 Notepad** that allowed attackers to execute arbitrary programs via malicious Markdown links without security warnings. The flaw, affecting Notepad versions 11.2510 and earlier, exploited improper command neutralization to launch unverified protocols (e.g., `file://`, `ms-appinstaller://`). Microsoft mitigated the risk by adding execution warnings for non-HTTP(S) URIs, with updates distributed automatically via the Microsoft Store. Prior milestones included out-of-band patches for a critical **WSUS vulnerability (CVE-2025-59287)** with public exploit code, smart card authentication issues caused by cryptographic service changes, and a **RasMan zero-day** (DoS vulnerability) affecting all Windows versions. Windows 10 reached end-of-life, with Extended Security Updates (ESU) available for purchase, while Exchange Server 2016/2019 and Skype for Business 2016 also ended support. The October 2025 update remains the largest on record, with 183 CVEs pushing Microsoft’s annual vulnerability count past 1,021.
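The mitigation described above treats any Markdown link whose URI scheme is not HTTP(S) as needing a warning. The same allowlist can be used to triage `.md` files before they are opened. This is an added example, not code from Microsoft or from the original page; the function name `flag_links`, the regex patterns and the sample document are constructed for illustration.

```python
import re

SAFE_SCHEMES = {"http", "https"}  # same allowlist the fix applies before warning

# Regex approximation of Markdown link syntax (not a full CommonMark parser):
# inline links [text](target), autolinks <scheme:...>, reference definitions [id]: target
LINK_PATTERNS = [
    re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)"),
    re.compile(r"<([A-Za-z][A-Za-z0-9+.\-]*:[^>\s]+)>"),
    re.compile(r"^ {0,3}\[[^\]]+\]:[ \t]*<?([^\s>]+)", re.M),
]
SCHEME_RE = re.compile(r"([A-Za-z][A-Za-z0-9+.\-]*):")


def flag_links(markdown_text):
    """Return sorted (line, scheme, target) tuples for links that are not http/https."""
    findings = set()
    for pattern in LINK_PATTERNS:
        for match in pattern.finditer(markdown_text):
            target = match.group(1)
            scheme_match = SCHEME_RE.match(target)
            if scheme_match is None:
                continue  # relative path or fragment: no protocol handler is invoked
            scheme = scheme_match.group(1).lower()  # schemes are case-insensitive
            if scheme not in SAFE_SCHEMES:
                line = markdown_text.count("\n", 0, match.start()) + 1
                findings.add((line, scheme, target))
    return sorted(findings)


# Constructed sample document; every URL and path is a placeholder.
SAMPLE = """\
# Release notes
See the [guide](https://example.com/guide) and [changelog](./CHANGELOG.md).
Open the [local copy](file:///C:/example/placeholder.txt) first.
Install via <ms-appinstaller:?source=https://example.invalid/app.msix>.
[support]: mailto:help@example.com
[site]: http://example.org
"""

if __name__ == "__main__":
    for line, scheme, target in flag_links(SAMPLE):
        print(f"line {line}: {scheme} -> {target}")
```

Anything the scanner reports is a link that would hand the target to a protocol handler other than the browser, so it is worth reviewing before the file is opened on an unpatched Notepad build.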

Timeline

  1. 12.02.2026 01:15 1 article · 3h ago

    Windows 11 Notepad RCE flaw via Markdown links patched

    Microsoft fixed **CVE-2026-20841**, a high-severity remote code execution vulnerability in **Windows 11 Notepad**, in the February 2026 Patch Tuesday update. The flaw allowed attackers to execute local or remote programs by tricking users into clicking malicious Markdown links (e.g., `file://`, `ms-appinstaller://`) without Windows security warnings. Exploitation required opening a crafted `.md` file in Notepad’s Markdown mode and using Ctrl+click on the link, which would execute unverified protocols. The issue, discovered by Cristian Papa, Alasdair Gorniak, and Chen, stemmed from improper neutralization of special command elements. Microsoft mitigated the risk by adding warnings for non-HTTP(S) URI links before execution, though users could still bypass warnings via social engineering. The patch is distributed automatically via the Microsoft Store, reducing the likelihood of widespread exploitation. The vulnerability affected Notepad versions **11.2510 and earlier**, underscoring risks in modernizing legacy applications with expanded functionality (e.g., Markdown support).

  2. 12.12.2025 13:28 1 article · 2mo ago

    New Windows RasMan zero-day flaw gets free, unofficial patches

    A new Windows zero-day vulnerability allows attackers to crash the Remote Access Connection Manager (RasMan) service. The RasMan service is a critical Windows system service that runs with SYSTEM-level privileges. The zero-day flaw is a denial-of-service (DoS) vulnerability that affects all Windows versions, including Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025. The flaw allows unprivileged users to crash the RasMan service due to a coding error in how it processes circular linked lists. ACROS Security provides free, unofficial security patches for this Windows RasMan zero-day via its 0patch micropatching service. The micropatch can be installed by creating an account and installing the 0Patch agent, which applies the patch automatically without requiring a restart.

  3. 24.10.2025 10:27 1 article · 3mo ago

    Microsoft releases out-of-band updates for critical WSUS vulnerability

    Microsoft has released out-of-band (OOB) security updates to address a critical-severity Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) with publicly available proof-of-concept exploit code. This vulnerability can be exploited remotely in low-complexity attacks, allowing threat actors to run malicious code with SYSTEM privileges. The update is available for all impacted Windows Server versions, and Microsoft advises immediate installation. Workarounds include disabling the WSUS Server Role or blocking specific ports on the host firewall. The OOB update supersedes all previous updates for affected versions.

  4. 15.10.2025 01:57 2 articles · 4mo ago

    Microsoft Office vulnerabilities CVE-2025-59227 and CVE-2025-59234 exploit Preview Pane

    CVE-2025-59227 and CVE-2025-59234 are remote code execution bugs in Microsoft Office that exploit the Preview Pane, allowing attackers to execute code without the target opening the file. These vulnerabilities require social engineering to trick the target into previewing a malicious email with an Office document.

  5. 15.10.2025 01:57 2 articles · 4mo ago

    Microsoft Word automatically saves documents to OneDrive

    Microsoft Word will now automatically save documents to OneDrive, with an option to disable this feature in Word's settings. This change affects all users, and guidance is provided for those who prefer not to use OneDrive for document storage.

  6. 15.10.2025 01:57 2 articles · 4mo ago

    End-of-life for multiple Microsoft products, including Windows 10

    Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade.

  7. 14.10.2025 21:02 9 articles · 4mo ago

    Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

    The October 2025 Windows security updates cause smart card authentication and certificate issues across all Windows 10, Windows 11, and Windows Server releases. The issue is due to a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services. Affected users may experience various symptoms, including the inability to sign documents, failures in applications using certificate-based authentication, and smart cards not being recognized as CSP providers in 32-bit apps. The issue can be detected by the presence of Event ID 624 in the System event logs for the Smart Card Service prior to installing the October 2025 Windows security update. The fix is enabled by setting the DisableCapiOverrideForRSA registry key value to 1 to isolate cryptographic operations from the Smart Card implementation. Users experiencing authentication problems can manually resolve the issue by disabling the DisableCapiOverrideForRSA registry key. The DisableCapiOverrideForRSA registry key will be removed in April 2026, and users are advised to work with their application vendors to resolve the underlying problem. Microsoft also fixed another known issue breaking IIS websites and HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates.


Similar Happenings

Microsoft February 2026 Patch Tuesday Addresses 6 Zero-Days and 59 Flaws

Microsoft's February 2026 Patch Tuesday addresses 59 vulnerabilities, including 6 actively exploited zero-days and 3 publicly disclosed flaws. The updates include fixes for 5 critical vulnerabilities, with three being security feature bypass flaws in various Microsoft products. The zero-days span components such as Windows Shell, MSHTML Framework, Microsoft Word, Desktop Window Manager, Windows Remote Access Connection Manager, and Windows Remote Desktop Services. Microsoft issued an out-of-band patch for one of the zero-days, CVE-2026-21514, highlighting its urgency. The updates also cover a range of other vulnerabilities, including elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing flaws. Additionally, Microsoft has begun rolling out updated Secure Boot certificates to replace expiring 2011 certificates. Other vendors, including Adobe, BeyondTrust, CISA, Cisco, Fortinet, Google, n8n, and SAP, have also released security updates or advisories.

Windows 11 Update KB5074109 Causes Outlook Freezes for POP Users

Microsoft released emergency out-of-band updates on January 25, 2026, to address an issue causing Microsoft Outlook to freeze for users with POP email accounts. The problem, which affects users of Windows 11 25H2 and 24H2, Windows 10, and multiple Windows Server platforms, occurs when PST files are stored in cloud storage like OneDrive or Dropbox. The issue prevents Outlook from exiting properly and restarting after being closed. Users can temporarily resolve the issue by uninstalling the KB5074109 update, accessing their email accounts via webmail, or moving their Outlook PST files out of OneDrive. The out-of-band updates include fixes for other issues, such as access to Microsoft 365 Cloud PC sessions and Secure Launch bugs.

Windows 11 23H2 Shutdown Issue with System Guard Secure Launch

Windows 11 23H2 devices with System Guard Secure Launch enabled fail to shut down properly after installing the January 13, 2026, cumulative update (KB5073455). Affected systems restart instead of shutting down or entering hibernation. This issue impacts Enterprise and IoT editions of Windows 11, version 23H2, as well as Windows 10 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 Enterprise LTSC 2019 with Virtual Secure Mode (VSM) enabled. Microsoft has provided a temporary workaround for shutdown but no solution for hibernation. The company is also addressing a separate bug in the January 2026 KB5074109 update causing Remote Desktop connection failures. Microsoft has released an out-of-band update (KB5077797) to fix the shutdown issue in Windows 11 23H2.

Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws

Microsoft's January 2026 Patch Tuesday addressed 114 vulnerabilities, including three zero-days: one actively exploited (CVE-2026-20805) and two publicly disclosed (CVE-2026-21265 and CVE-2023-31096). The updates covered a range of flaw types, with eight classified as 'Critical,' including remote code execution and elevation-of-privilege vulnerabilities. Additionally, Microsoft released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) exploited in attacks, affecting multiple Office versions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20805 and CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026, and February 16, 2026, respectively. The flaw was discovered by the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), and the Office Product Group Security Team, and affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.

Microsoft December 2025 Updates Break Message Queuing Functionality

Microsoft's December 2025 security updates caused Message Queuing (MSMQ) failures across Windows 10 22H2, Windows Server 2019, and Windows Server 2016 systems. The issue arose from security model changes that modified permissions on a critical system folder, leading to errors in MSMQ queues and IIS sites. Affected systems experienced inactive queues, resource errors, and application failures. Microsoft has released an out-of-band update (KB5074976) via Update Catalog to address the issue. The company initially advised enterprise customers to contact support for a temporary workaround, and the update is now available for download.