{"id":35329,"date":"2025-10-15T15:21:09","date_gmt":"2025-10-15T15:21:09","guid":{"rendered":"https:\/\/agooka.com\/news\/technologies\/microsofts-biggest-ever-patch-tuesday-fixes-175-bugs\/"},"modified":"2025-10-15T15:21:09","modified_gmt":"2025-10-15T15:21:09","slug":"microsofts-biggest-ever-patch-tuesday-fixes-175-bugs","status":"publish","type":"post","link":"https:\/\/agooka.com\/news\/technologies\/microsofts-biggest-ever-patch-tuesday-fixes-175-bugs\/","title":{"rendered":"Microsoft\u2019s biggest-ever Patch Tuesday fixes 175 bugs"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/dataconomy.com\/wp-content\/uploads\/2025\/10\/1174448.jpg\" alt=\"Microsoft\u2019s biggest-ever Patch Tuesday fixes 175 bugs\" title=\"Microsoft\u2019s biggest-ever Patch Tuesday fixes 175 bugs\"\/><\/p>\n<p>Microsoft released its October 2025 Patch Tuesday security update, a record-sized release addressing 175 vulnerabilities. The update includes two actively exploited zero-day flaws and also marks the end of regular security support for the Windows 10 operating system.<\/p>\n<p>The volume of 175 Common Vulnerabilities and Exposures (CVEs) establishes this release as the largest single Patch Tuesday update documented by security researchers in recent years. This single month\u2019s release has propelled the total number of unique vulnerabilities patched by the company in 2025 to 1,021. This figure surpasses the entire previous year\u2019s total of 1,009 patched CVEs. Satnam Narang, a senior staff research engineer at Tenable, stated, \u201cWith two months remaining this year, we\u2019ve already blown last year\u2019s tally of 1,009 CVEs patched, as this month\u2019s release brings us up to 1,021.\u201d<\/p>\n<p>Narang specified that this update is the largest since Tenable began tracking Microsoft patch releases in 2017. 
He also clarified that this count does not include out-of-cycle patches issued prior to the main update or vulnerabilities for which Microsoft is not the designated issuer. The collection of flaws addressed a wide spectrum of security issues, including remote code execution (RCE) vulnerabilities, elevation of privilege (EoP) flaws, data theft vectors, denial-of-service (DoS) attack methods, and bypasses of existing security features across numerous Microsoft products.<\/p>\n<p>Among the vulnerabilities, two zero-day flaws are under active exploitation by attackers. The first, identified as CVE-2025-59230, is a privilege escalation vulnerability in the Windows Remote Access Connection Manager and carries a Common Vulnerability Scoring System (CVSS) score of 7.8. This flaw permits an attacker who has already gained initial access to a system with low privileges to elevate their status to that of an administrator. Mike Walters, president and co-founder of Action1, provided analysis on the vulnerability\u2019s mechanism. He assessed that the flaw relates to how the service, which manages virtual private network (VPN) and other remote connections, processes commands from low-privileged users without sufficient authentication. \u201cExploitation of this vulnerability is relatively easy, making it accessible even to attackers with moderate technical skills,\u201d Walters commented.<\/p>\n<p>The second actively exploited zero-day, CVE-2025-24990, is also an elevation of privilege vulnerability with a CVSS score of 7.8. This flaw resides in a third-party driver for the Windows Agere modem. This specific driver is natively included with all supported versions of the Windows operating system, making its presence widespread. An attacker can leverage this vulnerability to gain system-level privileges on an affected computer. The flaw is exploitable even if the Agere modem hardware is not being actively used at the time of the attack. 
In response, Microsoft has removed the driver from the operating system through the update. This action means that Agere modems reliant on this driver will cease to function on patched Windows systems. In its advisory on the matter, Microsoft issued a direct recommendation, stating that users should \u201cremove any existing dependencies on this hardware.\u201d<\/p>\n<p>The update also contains other high-priority issues security teams are advised to address. One such vulnerability is CVE-2025-59287, a remote code execution bug in the Windows Server Update Service (WSUS) with a CVSS score of 9.8. WSUS is the component organizations use to centrally manage and distribute software updates and patches to computers on their networks. Walters of Action1 identified this as a critical issue, explaining that a successful exploit could lead to severe consequences. These potential outcomes include the \u201ccomplete compromise of the patching infrastructure, deployment of malicious \u2018updates\u2019 to managed systems, lateral movement throughout the environment, and the creation of persistent backdoors in the update infrastructure,\u201d he said. Microsoft has officially categorized CVE-2025-59287 as a vulnerability that attackers are more likely to exploit.<\/p>\n<p>Another severe flaw addressed is CVE-2025-55315, a security-feature bypass in the ASP.NET Core framework, which received a CVSS score of 9.9. According to Microsoft\u2019s assessment, this vulnerability could have a high impact on a system\u2019s confidentiality, integrity, and availability. A successful exploit would grant an attacker the ability to view user credentials, alter the contents of files on the target server, or precipitate a system crash. Ben McCarthy, lead cyber security engineer at Immersive, provided additional context on the exploit conditions. 
\u201cIt is important to note that this vulnerability is not exploitable by an anonymous attacker; it requires the threat actor to first be authenticated with valid, low-privilege user credentials,\u201d McCarthy stated in his commentary on the patch release.<\/p>\n<p>This October update cycle also officially marks the end of life for the Windows 10 operating system. This means Microsoft will no longer provide regular security patches for vulnerabilities discovered in the operating system as part of its monthly Patch Tuesday schedule. The cessation of support affects a substantial user base, as the Windows 10 operating system currently holds an approximate 41% share of the desktop Windows version market worldwide.<\/p>\n<p>For organizations that continue to operate systems running Windows 10, a specific path for continued support is required. Nick Carroll, a cyber incident response manager at Nightwing, explained in a statement that these entities will need to enroll in the Extended Security Updates (ESU) program to receive security patches beyond this final update. The ESU program is a paid service that provides security fixes for a limited time after a product\u2019s official end-of-support date.<\/p>\n<p>The end of support was not limited to Windows 10. Several other Microsoft products also reached their end-of-life milestone this week. This list includes Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016. These products will also no longer receive regular security updates. Carroll commented on the broader implications of this lifecycle stage for multiple products. 
\u201cAll these products and more will stop getting security patches,\u201d he said, \u201cbut that doesn\u2019t mean the threat actors will stop making new exploits for them.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft released its October 2025 Patch Tuesday security update, a record-sized release addressing 175 vulnerabilities. The update includes two actively exploited zero-day flaws and also designates the end of regular security support for the Windows 10 operating system. The volume of 175 Common Vulnerabilities and Exposures (CVEs) establishes this release as the largest single Patch [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":35330,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":{"0":"post-35329","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technologies"},"_links":{"self":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts\/35329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/comments?post=35329"}],"version-history":[{"count":0,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/posts\/35329\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/media\/35330"}],"wp:attachment":[{"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/media?parent=35329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/categories?post=35329"},{"taxonomy":"post_tag","embeddable":
true,"href":"https:\/\/agooka.com\/news\/wp-json\/wp\/v2\/tags?post=35329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}