Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities throughout its ecosystem, together with 4 zero-day flaws, of which two are actively exploited within the wild.
This month-to-month safety bulletin underscores the relentless tempo of risk evolution, with essential distant code execution bugs in Workplace apps and elevation of privilege points in Home windows parts dominating the fixes.
As organizations grapple with end-of-support deadlines for legacy techniques like Home windows 10, well timed patching stays important to mitigate dangers from state-sponsored actors and cybercriminals.
ImpactCountElevation of Privilege80Remote Code Execution31Information Disclosure28Security Characteristic Bypass11Denial of Service11Spoofing10Tampering1Total172
The updates goal a broad array of merchandise, from core Home windows working techniques to Azure cloud providers and the Microsoft Workplace suite.
Among the many highlights, Microsoft patched CVE-2025-59234 and CVE-2025-59236, each use-after-free vulnerabilities in Microsoft Workplace and Excel that allow distant code execution when customers open malicious information.
These flaws, rated essential with CVSS scores round 7.8, require no authentication and will permit attackers to achieve full system management, probably resulting in information theft or ransomware deployment.
Equally, CVE-2025-49708 within the Microsoft Graphics Part exposes techniques to privilege escalation over networks, exploiting reminiscence corruption to bypass safety boundaries.
Essential Vulnerabilities Patched
A number of essential entries demand fast consideration attributable to their potential for widespread exploitation.
As an illustration, CVE-2025-59291 and CVE-2025-59292 contain exterior management of file paths in Azure Container Cases and Compute Gallery, permitting licensed attackers to escalate privileges regionally and probably compromise cloud workloads.
These elevation of privilege bugs, additionally essential, spotlight ongoing dangers in hybrid environments the place misconfigurations amplify affect.
One other vulnerability is CVE-2016-9535, a long-standing LibTIFF heap buffer overflow re-addressed on this cycle, which may set off distant code execution in image-processing situations, affecting legacy apps nonetheless in use.
The zero-days add urgency: CVE-2025-2884, an out-of-bounds learn in TCG TPM2.0 reference implementation, stems from insufficient validation in cryptographic signing capabilities, resulting in data disclosure. Publicly recognized through CERT/CC, it impacts trusted platform modules integral to safe boot processes.
In the meantime, CVE-2025-47827 permits Safe Boot bypass in IGEL OS variations earlier than 11 via improper signature verification, permitting crafted root filesystems to mount unverified photographs as a vector for persistent malware.
CVE-2025-59230, one other exploited flaw in Home windows Distant Entry Connection Supervisor, entails improper entry controls for native privilege escalation.
Microsoft confirms no public exploits for many others, however the duo’s energetic abuse by risk actors, akin to nation-state teams, necessitates fast deployment.
Deserialization points in Home windows Server Replace Service (CVE-2025-59287) additional elevate considerations, allowing unauthenticated distant code execution over networks, a first-rate goal for supply-chain assaults.
In complete, the bulletin contains 11 essential distant code executions and elevations, with many tied to reminiscence security errors like use-after-free and buffer overflows prevalent in older codebases.
Azure-specific fixes, akin to these in CVE-2025-59285 for the Monitor Agent, handle deserialization dangers that might expose monitoring information to tampering.
Different Necessary Vulnerabilities Patched
Past criticals, 150+ essential vulnerabilities cowl elevation of privilege (over 60), data disclosure (round 30), and denial-of-service flaws.
Repeated patterns emerge in Home windows PrintWorkflowUserSvc (CVE-2025-55684 via 55691), the place use-after-free bugs permit native attackers to achieve increased privileges throughout print operations, a typical vector in enterprise printing environments.
Home windows Kernel vulnerabilities like CVE-2025-55693 and CVE-2025-59187 contain improper enter validation, probably leaking kernel reminiscence, or enabling ring-0 entry.
Spoofing dangers seem in CVE-2025-59239 for File Explorer and CVE-2025-59248 for Change Server, the place flawed validation may trick customers into executing malicious actions or bypassing authentication.
BitLocker’s CVE-2025-55682 exposes a safety function bypass through bodily assaults, underscoring hardware-software interaction vulnerabilities.
For cloud customers, Azure Arc and Linked Machine Agent fixes (CVE-2025-58724) mitigate native escalations from entry management lapses. Denial-of-service bugs, akin to CVE-2025-55698 in DirectX and CVE-2025-58729 in Native Session Supervisor, may disrupt providers via null dereferences or invalid inputs.
CVE IDVulnerability DetailsTypeSeverityCVE-2016-9535tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that may result in assertion failures in debug mode, or buffer overflows in launch mode, when coping with uncommon tile measurement like YCbCr with subsampling. Reported as MSVR 35105, aka “Predictor heap-buffer-overflow.” Distant Code ExecutionCritical CVE-2025-2884CVE-2025-2884 is relating to a vulnerability in CG TPM2.0 Reference implementation’s CryptHmacSign helper operate that’s susceptible to Out-of-Bounds learn because of the lack of validation the signature scheme with the signature key’s algorithm. Info DisclosureImportant CVE-2025-47827In IGEL OS earlier than 11, Safe Boot could be bypassed as a result of the igel-flash-driver module improperly verifies a cryptographic signature. In the end, a crafted root filesystem could be mounted from an unverified SquashFS picture. Safety Characteristic BypassImportant CVE-2025-49708Use after free in Microsoft Graphics Part permits a licensed attacker to raise privileges over a community. Elevation of PrivilegeCritical CVE-2025-55680Time-of-check time-of-use (toctou) race situation in Home windows Cloud Information Mini Filter Driver permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55682Improper enforcement of behavioral workflow in Home windows BitLocker permits an unauthorized attacker to bypass a safety function with a bodily assault. Safety Characteristic BypassImportant CVE-2025-55683Exposure of delicate data to an unauthorized actor in Home windows Kernel permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-55684Use-after-free in Home windows PrintWorkflowUserSvc permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55688Use-after-free in Home windows PrintWorkflowUserSvc permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55690Use-after-free in Home windows PrintWorkflowUserSvc permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55691Use after free in Home windows PrintWorkflowUserSvc permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55692Improper enter validation in Home windows Error Reporting permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55693Use after free in Home windows Kernel permits an unauthorized attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55694Improper entry management in Home windows Error Reporting permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55695Out-of-bounds learn in Home windows WLAN Auto Config Service permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-55696Time-of-check time-of-use (toctou) race situation in NtQueryInformation Token operate (ntifs.h) permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55697Heap-based buffer overflow in Azure Native permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-55698Null pointer dereference in Home windows DirectX permits a licensed attacker to disclaim service over a community. Denial of ServiceImportant CVE-2025-55699Exposure of delicate data to an unauthorized actor in Home windows Kernel permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-58714Improper entry management in Home windows Ancillary Operate Driver for WinSock permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-58718Use after free in Distant Desktop Shopper permits an unauthorized attacker to execute code over a community. Distant Code ExecutionImportant CVE-2025-58720Use of a cryptographic primitive with a dangerous implementation in Home windows Cryptographic Providers permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-58724Improper entry management in Azure Linked Machine Agent permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-58725Heap-based buffer overflow in Home windows COM permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-58726Improper entry management in Home windows SMB Server permits a licensed attacker to raise privileges over a community. Elevation of PrivilegeImportant CVE-2025-58727Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Linked Units Platform Service permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-58729Improper validation of specified sort of enter in Home windows Native Session Supervisor (LSM) permits a licensed attacker to disclaim service over a community. Denial of ServiceImportant CVE-2025-58730Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58731Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58733Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58734Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58736Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58737Use after free in Home windows Distant Desktop permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58738Use after free in Inbox COM Objects permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-58739Exposure of delicate data to an unauthorized actor in Home windows File Explorer permits an unauthorized attacker to carry out spoofing over a community. SpoofingImportant CVE-2025-59184Exposure of delicate data to an unauthorized actor in Home windows Excessive Availability Providers permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59187Improper enter validation in Home windows Kernel permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59188Exposure of delicate data to an unauthorized actor in Home windows Failover Cluster permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59189Use after free in Microsoft Brokering File System permits an unauthorized attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59190Improper enter validation in Microsoft Home windows Search Part permits an unauthorized attacker to disclaim service regionally. Denial of ServiceImportant CVE-2025-59191Heap-based buffer overflow in Linked Units Platform Service (Cdpsvc) permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59192Buffer over-read in Storport.sys Driver permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59193Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Home windows Administration Providers permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59194Use of uninitialized useful resource in Home windows Kernel permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59197Insertion of delicate data into log file in Home windows ETL Channel permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59198Improper enter validation in Microsoft Home windows Search Part permits a licensed attacker to disclaim service regionally. Denial of ServiceImportant CVE-2025-59203Insertion of delicate data into log file in Home windows StateRepository API permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59205Concurrent execution utilizing shared useful resource with improper synchronization (‘race situation’) in Microsoft Graphics Part permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59208Out-of-bounds learn in Home windows MapUrlToZone permits an unauthorized attacker to reveal data over a community. Info DisclosureImportant CVE-2025-59209Exposure of delicate data to an unauthorized actor in Home windows Push Notification Core permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59210Elevation of Privilege in Home windows Resilient File System (ReFS) Deduplication Service. Elevation of PrivilegeImportant CVE-2025-59213Improper neutralization of particular components utilized in an sql command (‘sql injection’) in Microsoft Configuration Supervisor permits an unauthorized attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59214Exposure of delicate data to an unauthorized actor in Home windows File Explorer permits an unauthorized attacker to carry out spoofing over a community. SpoofingImportant CVE-2025-59221Use after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59222Use after free in Microsoft Workplace Phrase permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59223Use after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59224Use after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59225Use after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59226Use after free in Microsoft Workplace Visio permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59227Use after free in Microsoft Workplace permits an unauthorized attacker to execute code regionally. Distant Code ExecutionCritical CVE-2025-59229Uncaught exception in Microsoft Workplace permits an unauthorized attacker to disclaim service regionally. Denial of ServiceImportant CVE-2025-59230Improper entry management in Home windows Distant Entry Connection Supervisor permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59232Out-of-bounds learn in Microsoft Workplace Excel permits an unauthorized attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59234Use after free in Microsoft Workplace permits an unauthorized attacker to execute code regionally. Distant Code ExecutionCritical CVE-2025-59236Use after free in Microsoft Workplace Excel permits an unauthorized attacker to execute code regionally. Distant Code ExecutionCritical CVE-2025-59238Use after free in Microsoft Workplace PowerPoint permits an unauthorized attacker to execute code regionally. Distant Code ExecutionImportant CVE-2025-59241Improper hyperlink decision earlier than file entry (‘hyperlink following’) in Home windows Well being and Optimized Experiences Service permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59244External management of file identify or path in Home windows Core Shell permits an unauthorized attacker to carry out spoofing over a community. SpoofingImportant CVE-2025-59248Improper enter validation in Microsoft Change Server permits an unauthorized attacker to carry out spoofing over a community. SpoofingImportant CVE-2025-59253Improper entry management in Microsoft Home windows Search Part permits a licensed attacker to disclaim service regionally. Denial of ServiceImportant CVE-2025-59260Exposure of delicate data to an unauthorized actor in Microsoft Failover Cluster Digital Driver permits a licensed attacker to reveal data regionally. Info DisclosureImportant CVE-2025-59261Time-of-check time-of-use (toctou) race situation in Microsoft Graphics Part permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59275Improper validation of specified sort of enter in Home windows Authentication Strategies permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59278Improper validation of specified sort of enter in Home windows Authentication Strategies permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59285Deserialization of untrusted information in Azure Monitor Agent permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59287Deserialization of untrusted information in Home windows Server Replace Service permits an unauthorized attacker to execute code over a community. Distant Code ExecutionCritical CVE-2025-59288Improper verification of cryptographic signature in GitHub permits an unauthorized attacker to carry out spoofing over an adjoining community. SpoofingModerate CVE-2025-59289Double free in Home windows Bluetooth Service permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeImportant CVE-2025-59291External management of file identify or path in Confidential Azure Container Cases permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeCritical CVE-2025-59292External management of file identify or path in Confidential Azure Container Cases permits a licensed attacker to raise privileges regionally. Elevation of PrivilegeCritical CVE-2025-59497Time-of-check time-of-use (toctou) race situation in Microsoft Defender for Linux permits a licensed attacker to disclaim service regionally. Denial of ServiceImportant CVE-2025-59502Uncontrolled useful resource consumption in Home windows Distant Process Name permits an unauthorized attacker to disclaim service over a community. Denial of ServiceModerate
This Patch Tuesday coincides with Home windows 10’s end-of-support on October 14, 2025, amplifying the stakes for unpatched legacy deployments.
Microsoft urges enabling automated updates through Home windows Replace or WSUS, prioritizing criticals like Workplace RCEs first. For enterprises, vulnerability administration instruments can scan for affected variations, akin to Workplace 2016-2021 or Home windows 10/11 builds pre-KB503 one thing.
No proof-of-concept code is publicly out there for many, however indicators of compromise embody anomalous Workplace crashes or Azure log anomalies. Specialists suggest segmenting networks and monitoring for exploitation makes an attempt post-patch.
Comply with us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
