Microsoft Drops Terrifyingly Large October Patch Update

Steven

Microsoft Drops Terrifyingly Large October Patch Update

Summary

Microsoft’s October Patch Tuesday is enormous: 175 CVEs were patched, including multiple zero-days that are already being exploited and several flaws Microsoft believes are likely targets for attackers. The total patched in 2025 now exceeds the whole of 2024, bringing the year’s tally to 1,021 CVEs so far. The flaws span remote code execution, elevation of privilege, data theft, denial of service and security-feature bypasses across many Windows components and services.

Key Points

  • October Patch Tuesday fixed 175 CVEs — the largest Microsoft Patch Tuesday on record in recent tracking.
  • Two zero-days are actively exploited: CVE-2025-59230 (Windows Remote Access Connection Manager) and CVE-2025-24990 (Agere modem driver) — both allow privilege escalation to system/admin level.
  • A third Agere-related zero-day with a public proof-of-concept (CVE-2025-24052) is also addressed; Microsoft removed the vulnerable driver (ltmdm64.sys) from Windows.
  • Microsoft’s October release also rolled in a patch for CVE-2025-47827 (IGEL OS Secure Boot bypass), which had an existing PoC and is being exploited in the wild.
  • High-priority fixes include an RCE in WSUS (CVE-2025-59287) and an ASP.NET Core security feature bypass (CVE-2025-55315) — both rated critical for enterprise defenders.
  • Windows 10 reached end of life with this update; organisations still on Win10 must move to Extended Security Updates (ESU) or upgrade to keep receiving patches.
  • With this release, 2025’s cumulative CVE count surpasses 2024’s total (1,021 vs 1,009), signalling an exceptionally active year for Microsoft vulnerabilities.

Content Summary

The patch bundle covers a broad range of Microsoft products and includes multiple high-severity and critical vulnerabilities. Two of the disclosed issues are zero-days actively exploited in the wild and permit escalation from low-privilege users to full system-level control. Microsoft removed a native Agere modem driver because of exploitation risk, which may break compatibility for some hardware.

Security teams should prioritise fixes for the WSUS RCE and ASP.NET Core bypass due to their potential to cause widespread compromise or data exposure. The update also emphasises the practical consequences of Windows 10 reaching end of life — nearly 41% of desktop Windows installs still run Win10, so many organisations face urgent upgrade or ESU decisions.

Context and Relevance

This is a consequential Patch Tuesday: active zero-days, a proof-of-concept for another, and critical infrastructure-level bugs (like WSUS) make it a high-priority patch cycle for enterprises. Removing a built-in driver is unusual and underlines the severity of some flaws. The Windows 10 EOL adds business risk — unpatched systems will become attractive targets, and threat actors will continue to weaponise legacy weaknesses.

Why should I read this

Yes, read it. Fast. This update isn’t just another batch of fixes — it contains actively exploited zero-days that let attackers become admins, a WSUS bug that could let attackers push malicious updates, and the end of Windows 10 support. If you manage endpoints, patching, or risk, this is exactly the kind of thing you need on your radar right now.

Source

Source: https://www.darkreading.com/vulnerabilities-threats/microsoft-october-patch-update