Microsoft's record-breaking October 2025 Patch Tuesday fixes 175 flaws

Written by Field Effect Security Intelligence Team | Oct 15, 2025 9:00:41 PM

Microsoft’s October 2025 Patch Tuesday marks the largest release on record, resolving 175 vulnerabilities in Windows and its components. Including third-party updates brings the total CVE count to 195.

Published on October 14, the update includes three zero-day vulnerabilities confirmed to be under active exploitation and two publicly disclosed flaws. Additionally, there are eight Critical severity issues with Common Vulnerability Scoring System (CVSS) scores ranging from 8.0 to 9.9.

The three actively exploited vulnerabilities are:

CVE-2025-24990 (CVSS: 7.8)

CVE-2025-24990 affects the Windows Agere Modem Driver (ltmdm64.sys), a third-party component for Agere-branded fax modem hardware that ships natively with all supported Windows versions. This flaw could allow an attacker to gain SYSTEM-level privileges and achieve administrative control over the affected device.

Microsoft addressed this vulnerability by permanently removing the obsolete driver from Windows entirely. That means that any remaining fax modem hardware dependent on ltmdm64.sys will cease to function on patched systems.

Microsoft recommends that users "remove any existing dependencies on this hardware." The flaw affects all Windows deployment types: because the driver is included natively, exposure exists regardless of hardware configuration.
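To see whether a given host still carries the driver and whether any modem hardware depends on it, the following read-only inventory can be run before and after patching. It is an added example, not code from Microsoft or Field Effect; the `System32\drivers` location and the availability of the `PnpDevice` cmdlets are assumptions.

```powershell
# Added example: inventory a host's dependency on the Agere modem driver.
# Read-only. Run in an elevated PowerShell session on the host being assessed.
$driverFile = 'ltmdm64.sys'
# Assumption: the driver sits in the standard kernel driver directory.
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driverFile"

# 1. Is the driver binary still on disk? Since the October 2025 update
#    removes the driver, its presence suggests the host is not yet patched.
$file = Get-Item -LiteralPath $driverPath -ErrorAction SilentlyContinue

# 2. Is a kernel driver service registered against that binary, and is it running?
$service = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*\$driverFile" }

# 3. Which modem-class devices are bound to that service? These are the
#    devices that stop working once the driver is removed.
$devices = @()
if ($service) {
    $devices = @(Get-PnpDevice -Class Modem -ErrorAction SilentlyContinue |
        Where-Object {
            $bound = ($_ | Get-PnpDeviceProperty -KeyName 'DEVPKEY_Device_Service' `
                        -ErrorAction SilentlyContinue).Data
            $service.Name -contains $bound
        })
}

# One summary object per host, suitable for Export-Csv across a fleet.
[pscustomobject]@{
    ComputerName    = $env:COMPUTERNAME
    DriverOnDisk    = [bool]$file
    FileVersion     = if ($file) { $file.VersionInfo.FileVersion } else { $null }
    ServiceName     = $service.Name -join ','
    ServiceState    = $service.State -join ','
    DependentModems = ($devices | ForEach-Object FriendlyName) -join '; '
}
```

A host reporting `DriverOnDisk = True` with an empty `DependentModems` can be patched with no hardware impact; a non-empty `DependentModems` identifies the dependency Microsoft advises removing.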

CVE-2025-47827 (CVSS: 8.4)

CVE-2025-47827 is a third-party flaw compromising the Secure Boot trust chain via the igel-flash-driver module, allowing a malicious file system to entirely bypass security. A successful exploit could result in persistent root-level access to thin-client endpoints, enabling lateral movement across enterprise networks and undermining the integrity of Microsoft-hosted desktop environments.

While this flaw does not directly affect Microsoft software, it poses a significant risk to organizations using IGEL operating systems to deliver Windows virtual desktops via Remote Desktop Services or Azure Virtual Desktop (formerly Windows Virtual Desktop).

IGEL patched the issue in version 11 of its operating system. There are no known workarounds beyond upgrading, and administrators are advised to verify Secure Boot enforcement and image integrity across all IGEL-managed endpoints.

CVE-2025-59230 (CVSS: 7.8)

CVE-2025-59230 is a privilege escalation vulnerability in Windows Remote Access Connection Manager (aka RasMan). RasMan is a Windows service responsible for handling dial-up and VPN connections.

This service manages the connection process, authentication, and communication between the client and remote network, and has been part of Windows networking infrastructure since the early days of dial-up networking.

Many enterprise environments use VPNs for remote access, and RasMan plays a role in initiating and maintaining those connections. Vulnerabilities in RasMan, like CVE-2025-59230, can therefore have serious implications for remote access security.

Other noteworthy vulnerabilities

Another significant update included CVE-2025-59287, a remote code execution vulnerability in Windows Server Update Services (WSUS), a core component used in enterprise environments to centrally manage and distribute Microsoft updates across Windows endpoints.

With a CVSS score of 9.8 and Microsoft noting that exploitation is “more likely,” the flaw poses a significant risk to patching infrastructure, as a successful attack could compromise the update pipeline and enable distribution of malicious software.

October Patch Tuesday also coincides with the end of free security updates for Windows 10, Office 2016/2019, and Exchange Server 2016/2019. This means Microsoft will no longer provide regular security patches for vulnerabilities discovered in these products as part of monthly Patch Tuesday releases.

Organizations continuing to operate Windows 10 will have to migrate to Windows 11 (which requires newer hardware meeting Trusted Platform Module 2.0 and other specifications), enroll in the Extended Security Update (ESU) program, or accept the security risks of operating unsupported systems. The ESU program is a paid subscription service that provides critical and important security updates for a limited time beyond the end-of-support date.

Analyst insight

Organizations are advised to apply the latest patches as soon as possible. Testing and deployment of these patches within 72 hours is recommended for production environments to minimize exposure to active exploitation and high-likelihood attack vectors.

Priority should be given to systems with internet exposure, those processing untrusted content, or infrastructure components like Windows Server Update Services that could enable network-wide compromise if exploited.

Organizations operating Windows 10 systems should accelerate their evaluation of ESU program enrollment or Windows 11 migration projects, as the October 2025 release represents the final free security update for this platform.