Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

On October 14, Microsoft released its October 2025 Patch Tuesday release which patched 167 CVEs with seven rated as critical, 158 rated important and two rated moderate. This release was the largest Patch Tuesday release to date. Included in this month's patches were three zero-day vulnerabilities, two of which were exploited in the wild.

CVE-2025-24052 and CVE-2025-24990 are elevation of privilege vulnerabilities in the third party Agere Modem driver. Both CVEs were assigned CVSSv3 scores of 7.8 and rated as important. Microsoft reports that CVE-2025-24990 has been exploited in the wild and CVE-2025-24052 was disclosed prior to a patch being made available. Successful exploitation would allow an attacker to gain administrator privileges on an affected system.

CVE-2025-59230 is an elevation of privilege vulnerability affecting Windows Remote Access Connection Manager. According to Microsoft, this vulnerability has been exploited in the wild. It was assigned a CVSSv3 score of 7.8 and is rated as important. Exploitation of this vulnerability involves improper access control in Windows Remote Access Connection Manager and could allow a local attacker to gain SYSTEM privileges.

This month’s update includes patches for:

• .NET
• .NET, .NET Framework, Visual Studio
• Active Directory Federation Services
• Agere Windows Modem Driver
• ASP.NET Core
• Azure Connected Machine Agent
• Azure Entra ID
• Azure Local
• Azure Monitor
• Azure Monitor Agent
• Azure PlayFab
• Confidential Azure Container Instances
• Connected Devices Platform Service (Cdpsvc)
• Copilot
• Data Sharing Service Client
• Inbox COM Objects
• Internet Explorer
• JDBC Driver for SQL Server
• Microsoft Brokering File System
• Microsoft Configuration Manager
• Microsoft Defender for Linux
• Microsoft Exchange Server
• Microsoft Failover Cluster Virtual Driver
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft PowerShell
• Microsoft Windows
• Microsoft Windows Search Component
• Microsoft Windows Speech
• Network Connection Status Indicator (NCSI)
• NtQueryInformation Token function (ntifs.h)
• Remote Desktop Client
• Software Protection Platform (SPP)
• Storport.sys Driver
• Virtual Secure Mode
• Visual Studio
• Windows Ancillary Function Driver for WinSock
• Windows Authentication Methods
• Windows BitLocker
• Windows Bluetooth Service
• Windows Cloud Files Mini Filter Driver
• Windows COM
• Windows Connected Devices Platform Service
• Windows Core Shell
• Windows Cryptographic Services
• Windows Device Association Broker service
• Windows Digital Media
• Windows DirectX
• Windows DWM
• Windows DWM Core Library
• Windows Error Reporting
• Windows ETL Channel
• Windows Failover Cluster
• Windows File Explorer
• Windows Health and Optimized Experiences Service
• Windows Hello
• Windows High Availability Services
• Windows Hyper-V
• Windows Kernel
• Windows Local Session Manager (LSM)
• Windows Management Services
• Windows MapUrlToZone
• Windows NDIS
• Windows NTFS
• Windows NTLM
• Windows PrintWorkflowUserSvc
• Windows Push Notification Core
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Desktop Protocol
• Windows Remote Desktop Services
• Windows Remote Procedure Call
• Windows Resilient File System (ReFS)
• Windows Resilient File System (ReFS) Deduplication Service
• Windows Routing and Remote Access Service (RRAS)
• Windows Server Update Service
• Windows SMB Client
• Windows SMB Server
• Windows SSDP Service
• Windows StateRepository API
• Windows Storage Management Provider
• Windows Taskbar Live
• Windows USB Video Driver
• Windows Virtualization-Based Security (VBS) Enclave
• Windows WLAN Auto Config Service
• Xbox
• XBox Gaming Services

For more information, please visit our blog.