Skip to main content

Overview

Microsoft’s October Patch Tuesday addressed 172 security flaws, including 6 zero-day vulnerabilities, 8 rated critical, and at least 2 that are already being exploited. This update is particularly significant as it marks the final 'Patch Tuesday' for Windows 10.

Key Patched Vulnerabilities to Note:

  • CVE-2025-24990 Privilege Escalation in Agere Modem Driver: Allowed hackers to gain system-level privileges on affected systems. Microsoft have removed the vulnerable driver from Windows in response to active attacks on the flaw.
  • CVE-2025-59230 – Privilege Escalation in RasMan: Affects Windows Remote Access Connection Manager, commonly used for VPNs and dial-up networks. Hackers exploited this vulnerability to gain admin-level privileges.
  • CVE-2025-59227 & CVE-2025-59234 Microsoft Office Remote Code Execution (RCE): Exploitable via the Preview Pane, meaning users can be compromised without opening the file.
  • CVE-2025-59287 Critical RCE in Windows Server Update Service (WSUS): Exploitable without authentication. Has a threat score of 9.8 out of 10 so should be patched immediately on Windows Server environments.

Recommended Action: Apply October updates as soon as possible, especially on systems running WSUS, VPN services, or Office.

The full list can be found at: Microsoft's October 2025 Updates

 

Windows 10 End of Support – What Now?

As of 14th October 2025, Windows 10 has officially reached end of support. This means

  • No more free security updates or bug fixes
  • Increased exposure to malware and ransomware if you stay on Windows 10 without mitigation.

 

Your Options:

  • Upgrade to Windows 11 (recommended)
    • Free if your PC meets the requirements (TPM 2.0, Secure Boot, etc)
  • Enrol in Extended Security Updates (ESU)
    • Gives you one extra year on security patches (until October 2026)
    • Options include:
      • Free enrolment via OneDrive backup or Microsoft Rewards points
      • Paid option
    • Consider Alternatives
      • If your hardware can’t run Windows 11, explore:
        • Linux distributions (e.g. Ubuntu, Mint, ZorinOS) for secure, supported environments
        • New/Pre-owned device with specifications eligible for Windows 11 upgrade or with Windows 11 pre-installed

 

Other Related News

  • Windows 11 Update Issues

A recent Windows 11 update caused connectivity and peripheral problems. Microsoft is rolling out emergency fixes for these, so it is important to check for updates if affected.

  • End of Support for Legacy Products

Exchange Server 2016/2019, Office 2016/2019, and Skype for business 2016 also reached end of support this month.

 

What Should You Do Now?

  • Patch immediately – especially for zero-days and WSUS vulnerabilities.
  • Plan your Windows 10 migration – upgrade, enrol in ESU, or switch platforms.
  • Stay informed – follow Microsoft’s security advisories and CSC updates

 

 

Topics

  • news
  • Advisory
  • Vulnerability