Home Tech News Microsoft October 2025 Patch Tuesday Update for windows 11 and 10

Microsoft October 2025 Patch Tuesday Update for windows 11 and 10

Microsoft’s October 2025 Patch Tuesday fixes 172 vulnerabilities, including six zero-day exploits, introduces new Windows 11 features, and marks the end of free updates for Windows 10.

By
Steve Ballmer
-

Microsoft’s October 2025 Patch Tuesday update was released with critical security fixes, performance improvements, and new features for Windows 11, Windows 10, and Windows Server. This time, Microsoft fixes 172 vulnerabilities across its software ecosystem, including six zero-day vulnerabilities. Microsoft also fixes eight “Critical” vulnerabilities, five of which are remote code execution vulnerabilities and three are elevation of privilege vulnerabilities.

October 2025 Patch Summary at a Glance

What is the Patch Tuesday Update?

Microsoft Patch Tuesday Update, the colloquial term for Microsoft’s Update Tuesday, falls on the second Tuesday of every month and brings security updates to fix vulnerabilities or recent bugs.

A vulnerability is a weakness or flaw in a software or hardware component that an attacker could exploit to gain unauthorized access, execute malicious code, or cause damage or disruption. A bug is an error or defect in a software or hardware component that could cause it to malfunction or behave unexpectedly.

A security update is a software patch that fixes or mitigates one or more vulnerabilities or bugs.

A security update can have different ratings depending on the severity and impact of the vulnerability or bug it addresses. Microsoft uses four ratings: critical, important, moderate, and low.

  • The critical update fixes a vulnerability that could allow an attacker to take complete control of a system without user interaction.
  • An Important update fixes a vulnerability that could compromise data or functionality but requires user interaction or specific conditions.
  • A moderate update fixes a vulnerability that is unlikely to be exploited but could still have some impact.
  • A Low update fixes a vulnerability that is very unlikely to be exploited and has minimal impact.

Microsoft Fixes 172 Vulnerabilities — Including 6 Zero-Day Exploits

The October 2025 Patch Tuesday is one of the largest patch rollouts, addressing 172 vulnerabilities across Windows, Edge, Office, Azure, and other Microsoft products. Out of these, eight are classified as critical, primarily targeting remote code execution (RCE) and privilege escalation. Microsoft also patch six actively exploited zero-day vulnerabilities affect multiple Windows components, such as kernel drivers, Secure Boot, TPM 2.0, and more.

Six zero-day vulnerabilities

  • CVE-2025-24990 — Windows Agere Modem Driver EoP: A flaw in the old Agere Modem Driver lets attackers gain admin privileges. The driver has been removed in this update. CISA lists it as actively exploited.
  • CVE-2025-59230 — Windows Remote Access Connection Manager EoP: A privilege escalation bug in RASMan, which manages VPN and dial-up connections. Attackers can gain SYSTEM-level access.
  • CVE-2025-24052 — Another Agere Modem Driver EoP: Similar to CVE-2025-24990, this second flaw in the same driver allows attackers to elevate privileges. Fixed by removing the driver.
  • CVE-2025-2884 — TPM 2.0 Out-of-Bounds Read: A flaw in the TPM 2.0 Reference Implementation may lead to information disclosure due to improper signature validation. Fixed in the October updates.
  • CVE-2025-47827 — Secure Boot Bypass in IGEL OS: Improper signature checks in IGEL OS (before v11) let attackers bypass Secure Boot and load unverified images.
  • CVE-2025-0033 — AMD RMP Corruption During SNP Initialization: A race condition in AMD EPYC processors could let a malicious hypervisor modify protected memory mappings, affecting SEV-SNP VMs.

Eight critical vulnerabilities

Microsoft also patched eight critical vulnerabilities that could lead to remote code execution (RCE) or privilege escalation across Microsoft Office, Windows components, Azure services, and more.

  • CVE-2025-59234 — Microsoft Office Remote Code Execution Vulnerability: A use-after-free flaw in Microsoft Office lets attackers execute arbitrary code if a user opens a malicious Office file. Exploitation requires user interaction.
  • CVE-2025-49708 — Windows Graphics Component RCE: A use-after-free bug in the Windows Graphics Component could allow a network attacker to run code remotely and gain SYSTEM-level privileges.
  • CVE-2025-59291 — Azure Container Instances Elevation of Privilege: An issue in Azure Compute Gallery lets authenticated attackers mount malicious file shares, leading to local privilege escalation or potential remote code execution.
  • CVE-2025-59292 — Azure Compute Gallery Elevation of Privilege: Similar to CVE-2025-59291, this flaw allows attackers to control file paths or names within Azure Compute Gallery, enabling privilege escalation on affected systems.
  • CVE-2025-59227 — Microsoft Office Remote Code Execution Vulnerability: Another use-after-free issue in Microsoft Office that allows unauthenticated attackers to execute malicious code locally when users open crafted documents.
  • CVE-2025-59287 — Windows Server Update Services (WSUS) Remote Code Execution: A flaw in WSUS allows unauthenticated remote attackers to execute code over the network via unsafe object deserialization. This could let an attacker take full control of the server.
  • CVE-2016-9535 — LibTIFF Heap Buffer Overflow Vulnerability: A legacy flaw in LibTIFF (v4.0.6) used by Windows and Office components may cause heap buffer overflows when processing specially crafted TIFF images. Exploiting this could lead to code execution or crashes.
  • CVE-2025-59236 — Microsoft Excel Remote Code Execution Vulnerability: A use-after-free flaw in Microsoft Excel enables attackers to execute arbitrary code if users open a malicious spreadsheet. No authentication required.

End of Free Windows 10 Updates — Support Officially Ends

October 14, 2025, marks the official end of support for Windows 10, meaning this Patch Tuesday is the final free cumulative update KB5066791 for all editions of Windows 10. After this date:

  • No more security patches or quality updates will be provided for Windows 10 users not enrolled in the Extended Security Updates (ESU) program.
  • Devices running Windows 10 will become more vulnerable to malware, ransomware, and zero-day attacks.
  • Microsoft encourages users to upgrade to Windows 11 or enroll in ESU for free to continue protection.

However, certain components like Microsoft Defender definitions and Microsoft 365 apps may continue receiving limited updates separately.

Note: For users unable to upgrade due to hardware compatibility, Microsoft has confirmed that one year of free ESU will be available for eligible users, offering an extra layer of protection during the transition period.

New Windows 11 Features Introduced in October 2025 Update

Although the focus is on security, this month’s cumulative update KB5066835, also includes notable enhancements for Windows 11 versions 24H2 and 25H2.

  • Administrator Protection: A new system-level security mechanism that runs untrusted or unsigned apps within an isolated admin environment, reducing the risk of privilege-based attacks.
  • AI Actions in File Explorer: Users can now access AI-powered context menu options like “Summarize via Copilot” or “Describe Image” directly from File Explorer — improving workflow efficiency for creators and professionals.
  • Customizable On-Screen Indicators: Windows 11 now lets you move on-screen indicators (for volume, brightness, etc.) anywhere on the display — offering more UI flexibility.
  • Enhanced Windows Share UI: The Share dialog now includes a “Pin apps” option, allowing you to pin your favorite apps for faster sharing access.
  • New “Advanced Settings” Page: A redesigned Settings app consolidates more legacy Control Panel features, including new passkey management options for third-party providers like 1Password.
  • Braille Viewer for Narrator: Accessibility receives a major upgrade with a new Braille Viewer, allowing visually impaired users to preview Braille output directly on screen.

These updates also enhance the servicing stack, ensuring a reliable update process. You can download these patches via Windows Update or from the Microsoft Update Catalog.

Download the Microsoft Security Update

To download and install the updates, users can use Windows Update, Microsoft Update Catalog, or other tools such as Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM).

Usually, security updates are automatically downloaded and installed via Windows Update. Or you can force Windows update from settings, Windows Update, and check for updates to download and install the latest patch updates immediately.

Download KB5066835 for Windows 11

Microsoft has published download links for Windows update offline installers if you prefer manual installation over Windows Update.

Windows 10 KB5066586 (for version 1809) Offline Download Links

If you are looking for the Windows 10 version 22H2 ISO image, click here.

Or check How to Upgrade to Windows 11 version 25H2 Using the media creation tool.

If you face any difficulty while installing these updates, check the Windows 11 Update troubleshooting guide to fix the Windows 11 update KB5065426 stuck downloading, failed to install with different errors, etc.

 

FAQ on Patch Tuesday update

What is Patch Tuesday?

  • Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday, which falls on the second Tuesday of every month.

When is Patch Tuesday?

  • Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on October 14, 2025.

What is patching, and why is it important?

  • Patches are nothing but pieces of software code that are written to fix a bug in a software application that might lead to a vulnerability.

What kind of patch updates are released during Patch Tuesday?

  • Predominantly, security patch updates of varying severity, like Critical, Important, Moderate and low, are labeled and released.

What are CVE IDs?

  • CVE ID – Common Vulnerabilities and Exposures ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD).

Also Read

Steve Ballmer
With over 7 years of experience in the IT industry, I have experience in IT support, helpdesk, sysadmin, network admin, and cloud computing. Certified in Microsoft Technologies (MCTS and MCSA) and also Cisco Certified Professional in Routing and Switching.

RELATED ARTICLES

2025 Windows101Tricks | Not associated with Microsoft
Exit mobile version