October Patch Tuesday: Microsoft Fixes 6 Zero-Days (4 Exploited) as Windows 10 Support Officially Ends
Yesterday, Microsoft released its traditional October security update, addressing 172 vulnerabilities across its products. The patch includes six dangerous zero-day flaws and eight critical vulnerabilities — five enabling remote code execution, and three allowing privilege escalation.
By category, the fixes break down as follows: 80 privilege escalation flaws, 31 remote code execution bugs, 28 information disclosure issues, 11 security feature bypasses, 11 denial-of-service vulnerabilities, and 10 spoofing flaws. Notably, this count excludes fixes rolled out earlier this month for Azure, Mariner, Microsoft Edge, and other platforms.
This update carries particular significance as it marks the end of support for Windows 10 — the last Patch Tuesday in which Microsoft will provide free security updates for the operating system. Home users may opt into a paid one-year Extended Security Updates subscription, while enterprise customers are offered plans extending up to three years.
The October update resolves six zero-day vulnerabilities, two of which had already been publicly disclosed prior to patch release. The first affected Windows SMB Server, and the second impacted SQL Server. Additionally, Microsoft fixed three actively exploited zero-days.
One of these, CVE-2025-24990, involves a vulnerability in the Agere Modem driver, which shipped with Windows by default. The flaw allowed attackers to gain administrator-level privileges. The October cumulative update removes the driver, though doing so will render fax-capable modems nonfunctional.
Another critical issue, CVE-2025-59230, resided in the Windows Remote Connection Manager, enabling SYSTEM-level privilege escalation. It was jointly investigated by the MSTIC and MSRC teams. The third, CVE-2025-47827, concerned a Secure Boot bypass in IGEL OS, disclosed on GitHub by security researcher Zac Didcott.
Among publicly known but still unpatched issues is CVE-2025-0033, a vulnerability affecting AMD EPYC server processors supporting SEV-SNP. It involves a race condition during memory-mapping table initialization, potentially allowing a hypervisor to alter data before it is locked, compromising the integrity of protected virtual machines. The flaw was discovered by researchers at ETH Zurich, with technical details later published by AMD.
A related issue, CVE-2025-24052, mirrors the Agere Modem flaw — Microsoft notes that the exploit may succeed even if the modem itself is not in use. Another vulnerability, CVE-2025-2884, was found in TCG’s TPM 2.0 implementation, caused by improper signature scheme validation, which could lead to information leaks or denial of service. The issue was reported anonymously and made public by the Trusted Computing Group (TCG).
This final update for Windows 10, combined with the comprehensive October security rollout, underscores how vulnerable modern digital infrastructure can become without timely protection. With dozens of flaws allowing privilege escalation, Secure Boot circumvention, and arbitrary code execution, delaying patch installation poses a direct risk. And as free support for Windows 10 officially ends, the question looms larger than ever: Is your system truly ready to operate without regular security updates — and what might the consequences be if it isn’t?