
Patch Tuesday - 10.2025

Industry Security Updates
10 November 2025 by
Security Team

October Security Updates

On 14 October 2025, Microsoft released its monthly security update covering a record volume of vulnerabilities. 

This month's release of security patches addressed more than 170 issues in Microsoft and non-Microsoft products, including several zero-day flaws and multiple high- and critical-severity patches.

Alongside patching, Microsoft ended support for several core products, raising the urgency for organisations to act swiftly.

Windows 10 Reaches End of Life

Microsoft officially ended support for Windows 10 (Home, Pro, Enterprise, Education, and IoT Enterprise 22H2) on 14 October 2025. No further free security updates or feature improvements will be provided, except for customers enrolled in the Extended Security Updates (ESU) programme.

Windows 11 version 22H2 (Enterprise, Education, and IoT Enterprise editions) also reached end of servicing, requiring an upgrade to Windows 11 23H2 or later for continued patching.

177 Microsoft Vulnerabilities Along With 0-Days Patched

Microsoft confirmed that multiple zero-day vulnerabilities were being actively exploited before the October release. 

Key examples include CVE-2025-24990, a local privilege-escalation flaw in the Agere modem driver, and CVE-2025-59230, an elevation-of-privilege vulnerability in the Remote Access Connection Manager (RasMan) service.

These affected core Windows components and legacy drivers, allowing attackers to achieve SYSTEM-level access. Most of the zero-days patched in October involved privilege-escalation and kernel-mode weaknesses, highlighting attackers’ continued focus on local privilege abuse.

Products Patched

The October release included security patches for a broad range of Microsoft platforms and services, including:

  • Windows 10 and 11: kernel, drivers, network stack, and remote-access components

  • Microsoft Office and 365 Apps: Excel, Word, Outlook, and shared libraries

  • Microsoft Edge (Chromium): browser engine and rendering issues

  • Azure and cloud services: Entra ID, compute infrastructure, and tenant management components


High Profile Microsoft Security Updates

Of the 177 security patches this month, we highlight some of the key, noteworthy and high-profile vulnerabilities below.

CVE-2025-59287 - Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

CVSS: 9.8

Type: RCE

Overview
CVE-2025-59287 is a critical deserialization vulnerability in Windows Server Update Services (WSUS) that allows unauthenticated attackers to execute arbitrary code remotely.

Susceptibility
Systems running the WSUS role on Windows Server are vulnerable, particularly those exposed to the internet on default ports (8530/8531). Successful exploitation can grant attackers SYSTEM-level privileges, enabling compromise of the WSUS server and potential lateral movement across the network.

Public: Yes

Exploited: Yes

CVE-2025-24990 - Windows Agere Modem Driver Elevation of Privilege Vulnerability

CVSS: 7.8

Type: EoP

Overview
This flaw in the Agere modem driver (ltmdm64.sys), bundled with supported Windows operating systems, allows a local attacker to escalate to administrative privileges via an untrusted pointer dereference.

Susceptibility
Any system with the Agere modem driver installed, even if the hardware is not in use, is vulnerable; if present and unpatched, the driver can be exploited to gain full admin access.

Public: Yes

Exploited: Yes

CVE-2025-59230 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVSS: 7.8

Type: EoP

Overview
An improper access-control flaw in the Windows Remote Access Connection Manager (RasMan) allows a local authorised user to elevate privileges to SYSTEM.

Susceptibility
Windows machines where RasMan is running and a local attacker already has limited privileges are susceptible; exploitation can lead to full system control.

Public: Yes

Exploited: Yes

CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability

CVSS: 9.8

Type: EoP

Overview
A vulnerability in Azure Entra ID allows an attacker, without authentication, to elevate privileges via missing authentication on critical functions.

Susceptibility
Cloud tenants running Azure Entra ID are vulnerable; successful exploitation could lead to administrative access across identity services.

Public: Yes

Exploited: Yes

CVE-2025-59236 - Microsoft Excel Remote Code Execution Vulnerability

CVSS: 7.8

Type: RCE

Overview
A use-after-free bug in Microsoft Excel allows an unauthenticated attacker who convinces a user to open a malicious file to execute arbitrary code locally.

Susceptibility
Endpoints that parse untrusted Excel files are at risk; once the malicious file is opened, code can execute with the user’s privileges and potentially escalate further.

Public: Yes

Exploited: No

CVE-2025-49708 - Microsoft Graphics Component Elevation of Privilege Vulnerability

CVSS: 9.9

Type: EoP

Overview
A use-after-free vulnerability in the Microsoft Graphics Component allows an authorised network attacker to elevate privileges on the system.

Susceptibility
Systems that render or process graphics components exposed to network access are vulnerable; exploitation can lead to SYSTEM-level control.

Public: Yes

Exploited: Yes
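
The susceptibility conditions given above for the three Windows host vulnerabilities (the WSUS role and ports 8530/8531, the ltmdm64.sys driver, a running RasMan service) can be checked locally on each machine. The following PowerShell is an added example, not part of the original bulletin or vendor guidance; the feature name UpdateServices and the %SystemRoot%\System32\drivers location are assumptions not stated on this page.

```powershell
# Added example: read-only checks for the susceptibility conditions described above.
# Run in an elevated session on the host being assessed. Presence is not patch status.
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($Cve, $Check, $Present, $Detail) {
    $findings.Add([pscustomobject]@{
        CVE = $Cve; Check = $Check; Present = [bool]$Present; Detail = $Detail
    })
}

# CVE-2025-59287: is the WSUS role installed? (Assumption: UpdateServices is the
# Server Manager feature name; Get-WindowsFeature only exists on Windows Server.)
$wsus = $null
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $wsus = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
}
Add-Finding 'CVE-2025-59287' 'WSUS role installed' ($wsus -and $wsus.Installed) 'feature: UpdateServices'

# CVE-2025-59287: is anything listening on the default WSUS ports named in the bulletin?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort 8530, 8531 -ErrorAction SilentlyContinue)
$bound = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" } |
    Sort-Object -Unique) -join ', '
Add-Finding 'CVE-2025-59287' 'Listener on 8530/8531' ($listeners.Count -gt 0) $bound

# CVE-2025-24990: the driver file matters even when no modem hardware is in use.
# Assumption: drivers are in the standard %SystemRoot%\System32\drivers directory.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
Add-Finding 'CVE-2025-24990' 'ltmdm64.sys on disk' (Test-Path -LiteralPath $driverPath) $driverPath

# CVE-2025-59230: is the Remote Access Connection Manager service running?
$rasman = Get-Service -Name RasMan -ErrorAction SilentlyContinue
$running = $rasman -and ($rasman.Status -eq 'Running')
$startType = if ($rasman) { "StartType: $($rasman.StartType)" } else { 'service not found' }
Add-Finding 'CVE-2025-59230' 'RasMan running' $running $startType

# One row per check; feed this into inventory or ticketing as needed.
$findings | Format-Table -AutoSize
```

A row with Present = True means the precondition exists on that host; confirm the October update is installed before treating the host as remediated.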
