Microsoft’s October Patch Tuesday Update Fixes More Than 170 Vulnerabilities.

Posted on by

Did you know you can configure Google to filter out junk? Follow these steps to improve your search results, including adding my work on Lifehacker as a preferred source .

On the second Tuesday of every month, Microsoft releases a major security update for Windows users, known as “Patch Tuesday.” Some fixes are larger than others, depending on how many vulnerabilities researchers have discovered over the past month. However, October’s Patch Tuesday update was quite extensive.

As Bleeping Computer reports , the latest update, released on Tuesday, addresses more than 170 Windows security vulnerabilities. These include 80 privilege escalation vulnerabilities, 31 remote code execution vulnerabilities, 28 information disclosure vulnerabilities, 11 security feature bypass vulnerabilities, 11 denial of service vulnerabilities, and 10 spoofing vulnerabilities.

You may also like

The total number of updates on Bleeping Computer’s Patch Tuesday includes only fixes released by Microsoft itself. The total is higher because it includes fixes for Azure, Mariner, and vulnerabilities released earlier in October. In total, there are over 200 fixes.

While all security updates are important, some are more critical than others. Therefore, this Patch Tuesday includes fixes for eight vulnerabilities rated “critical,” including five remote code execution vulnerabilities and three privilege escalation vulnerabilities.

Six zero days

But even more important are the fixes for six zero-day vulnerabilities. Zero-day vulnerabilities are particularly dangerous because they are either publicly disclosed or exploited before the software developer can release a patch. In this case, there are six zero-day vulnerabilities, three of which are publicly disclosed, and three of which are exploited without a current patch, leaving Windows users vulnerable.

What do you think at the moment?

Here are the three exploited vulnerabilities:

  • CVE-2025-24990 : Privilege Escalation Vulnerability in the Windows Agere Modem Driver . This vulnerability allowed attackers to gain administrative privileges via a faulty Agere modem driver. Microsoft has removed this driver.

  • CVE-2025-59230 : Windows Remote Access Connection Manager Elevation of Privilege Vulnerability : This vulnerability could allow attackers to gain SYSTEM privileges.

  • CVE-2025-47827 : MITRE CVE-2025-47827: Secure Boot Bypass in IGEL OS before version 11 : This vulnerability allowed attackers to bypass secure boot, a security process that helps prevent malware from loading when a user’s computer starts.

Here are three publicly disclosed vulnerabilities:

  • CVE-2025-0033 — AMD CVE-2025-0033: RMP Corruption During SNP Initialization : This AMD vulnerability can affect memory integrity. Microsoft states that work on a fix is ​​ongoing and that fixes will be released through Azure Service Health alerts as they become available.

  • CVE-2025-24052 — Privilege Escalation Vulnerability in the Windows Agere Modem Driver : This vulnerability can be exploited to gain administrative privileges via the Agere modem driver. As noted by Bleeping Computer, it is very similar to CVE-2025-24990.

  • CVE-2025-2884 – CC Certified: CVE-2025-2884 Out-of-Bounds Read Vulnerability in the TCG TPM2.0 Reference Implementation : This vulnerability could lead to information disclosure or denial of service of the target TPM.

In other Microsoft news, the company has officially ended support for Windows 10. Unless you enroll in the Extended Security Updates program , your Windows 10 PC will not receive these security fixes in the future.

More…

Tech

Leave a Reply