Overview

Microsoft’s October 2025 Patch Tuesday delivers 172 security fixes, including six zero-day vulnerabilities, across Windows and associated products. This release is especially significant as it marks the final free security update for Windows 10 for most users. Going forward, only those enrolled in Microsoft’s Extended Security Updates (ESU) program will continue receiving patches.

The update addresses a range of issues, including remote code execution (RCE), privilege escalation, information disclosure, denial of service (DoS), spoofing, and security feature bypasses.

Key Technical Details

  • Zero-Day Vulnerabilities: Six zero-days are resolved, including:
    • CVE-2025-24990 — Elevation of privilege via the Windows Agere Modem Driver.
    • Others were publicly disclosed or actively exploited before patch release.
  • Types of Exploits: Affected vectors include RCE, EoP, DoS, spoofing, and more.
  • Notable Targets:
    • Windows Kernel
    • Modem drivers
    • SMB server
    • SQL Server components
    • Office “Preview Pane” (can be triggered by simply previewing an email).
  • Exploit Status: Microsoft confirms at least some zero-days are actively exploited in the wild.

 

Affected Devices

  • Windows 10: All supported versions. This is the final free Patch Tuesday update unless enrolled in ESU.
  • Windows 11: Versions 24H2 and 25H2 receive updates KB5066835 and KB5066793, respectively.
  • Other Products: SQL Server and other cross-component services may also be affected.

 

Recommended Remediations

ctrl:cyber recommends installing the following remediations:

  • Apply all October 2025 updates immediately across affected devices.
  • Migrate Windows 10 systems to a supported OS (e.g., Windows 11) or enroll in ESU to maintain protection.
  • Prioritize patching externally exposed systems (e.g., servers, SMB endpoints).
  • Monitor for exploit indicators, especially related to zero-days mentioned above.
  • Harden configurations by disabling unnecessary services and limiting privilege escalation paths.
  • Disable Office “Preview Pane” features in email clients to reduce remote execution risk via email previews.

Sources: