Microsoft October Patch Tuesday: Critical Fixes and Urgent Updates

Discover which October 2025 Patch Tuesday vulnerabilities demand your immediate attention. Explore critical CVEs, weaponized threats, and practical patching strategies.

Published

October 14, 2025

Updated

Published

October 14, 2025

Updated

Rob Brown

Senior Director, Professional Services

View all author’s posts

Heading 2

Dive deeper in our Resource Library

Find the latest white papers, research reports, webinars on demand and much more - all by industry-leading experts.

Find resources

Microsoft October 2025 Patch Tuesday: Critical Vulnerabilities and Security Insights

Microsoft’s October 2025 Patch Tuesday addresses 175 CVEs, including 5 Critical, 169 Important, and 1 Moderate. These patches resolve vulnerabilities across Windows, Office, Windows Server Update Services (WSUS), Graphics Components, and device drivers. This month’s release coincides with the end of free support for Windows 10, which amplifies the urgency of timely patching. Two vulnerabilities are flagged as weaponized, with one already publicly disclosed.

Robert Brown, Senior Director of Technical Services at Absolute, emphasizes that while the overall volume of patches remains high, October’s focus on Office and WSUS components highlights the growing importance of application-layer security and reliable patch automation.

Top 6 Critical Vulnerabilities in Microsoft October 2025 Patch Tuesday

Here are the most pressing vulnerabilities you need to address immediately.

CVE-2025-59287 – Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

‍Severity: Critical | CVSS Score: 9.8‍
Attack Vector: Network | Privileges Required: None‍
User Interaction: None | Complexity: Low

This flaw could enable attackers to deliver malicious code through WSUS distribution channels. This presents a significant risk, potentially impacting patch integrity and compromising downstream systems.

CVE-2025-49708 – Windows Graphics Component Remote Code Execution Vulnerability

A use-after-free vulnerability in the Microsoft Graphics Component allows an authorized attacker to execute code over a network.

‍Severity: Critical | CVSS Score: 9.9‍
Attack Vector: Network | Privileges Required: Low
‍User Interaction: None | Complexity: Low

Compromising the host enables an attacker to impact other virtual machines running on the same host, even if those VMs are not directly vulnerable to this specific issue.

CVE-2025-59236 – Microsoft Excel Remote Code Execution Vulnerability

A use-after-free vulnerability in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

‍Severity: Critical | CVSS Score: 8.4‍
Attack Vector: Local | Privileges Required: None‍
User Interaction: None | Complexity: Low

Opening a malicious Excel file could give an attacker code execution privileges. This vulnerability reinforces the importance of disabling macros and enforcing file-origin policies.

CVE-2025-59227 – Microsoft Office Remote Code Execution Vulnerability

A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally.

‍Severity: Critical | CVSS Score: 7.8‍
Attack Vector: Local | Privileges Required: None‍
User Interaction: Required | Complexity: Low

Attackers could exploit this flaw through malicious Office documents, resulting in a full system compromise. The Preview Pane is a known attack vector.

CVE-2025-59234 – Microsoft Office Remote Code Execution Vulnerability

A use-after-free vulnerability in Microsoft Office allows an unauthorized attacker to execute code locally.

‍Severity: Critical | CVSS Score: 7.8‍
Attack Vector: Local | Privileges Required: None‍
User Interaction: Required | Complexity: Low

Similar to CVE-2025-59227, this flaw highlights the recurring risks in legacy Office codebases, where file parsing remains a common attack vector.

CVE-2025-24990 – Windows Agere Modem Driver Elevation of Privilege Vulnerability

Insufficient access control in the Windows Agere modem driver allows an authenticated attacker to gain elevated privileges locally. This vulnerability has been weaponized but is not publicly known.

‍Severity: Important | CVSS Score: 7.8‍
Attack Vector: Local | Privileges Required: Low‍
User Interaction: None | Complexity: Low

This vulnerability has been observed in limited exploitation attempts. All supported versions of Windows can be affected by a successful exploitation, even if the modem is not actively in use.

Jump Point Vulnerabilities – Lateral Movement Risks in October 2025 Patches

These vulnerabilities have a "Scope Changed" designation, meaning they can cross trust or privilege boundaries. Successful exploitation enables lateral movement, privilege escalation, or wider impact across your network.

‍CVE-2025-49708 (Windows Graphics Component RCE): Critical; CVSS 9.9‍
CVE-2025-55315 (Windows Win32k EoP): Important; CVSS 7.8‍
CVE-2025-55321 (Azure Monitor XSS): Critical; CVSS 8.7‍
CVE-2025-55698 (Windows TPM Core Isolation EoP): Important; CVSS 7.4‍
CVE-2025-58715 (Windows DWM Core Library EoP): Important; CVSS 8.1‍
CVE-2025-58716 (Windows Kernel EoP): Important; CVSS 8.4‍
CVE-2025-59200 (Data Sharing Service Client EoP): Important; CVSS 7.7‍
CVE-2025-59217 (Windows Kernel EoP): Important; CVSS 8.0‍
CVE-2025-59218 (Azure Entra ID EoP): Critical; CVSS 9.6‍
CVE-2025-59271 (Redis Enterprise EoP): Critical; CVSS 8.8‍
CVE-2025-59291 (Windows COM+ EoP): Important; CVSS 7.5‍
CVE-2025-59292 (Windows Subsystem for Linux EoP): Important; CVSS 7.3

Final Thoughts on October 2025 Patch Tuesday and Security Recommendations

October’s Patch Tuesday reinforces a recurring challenge for security teams. Even with low exploitation rates, the potential impact of unpatched systems remains high. Absolute’s Risk Score helps you prioritize these top threats by balancing vendor severity with exploit awareness and real-world impact.

Key Recommendations

‍Prioritize RCE Flaws: Patch WSUS, Office, and Graphics Component vulnerabilities immediately to block network-based and file-based exploits.‍
Leverage Endpoint Resilience: Absolute’s Secure Endpoint enables rapid device restoration to a golden image. This restores devices in hours, not days, through firmware-embedded persistence.‍
Monitor Patch Compliance: Continuously track patch status across your fleet and block untrusted Office files to reduce lateral movement risks.

While timely patching is essential, resilience remains the ultimate safeguard. The ability to restore devices to a golden image at scale enables rapid recovery should a patch or an attack destabilize operations. Patch smarter, stay resilient, and secure your endpoints for the future.

See the October, 2025 Patch Tuesday Chart (PDF).

‍

Find more resources with these topics:

Endpoint Resilience

Unified Endpoint Management

Vulnerability and Patch Management

Compliance

Featured Blog Posts

How to Achieve Cyber Resilience

How to build a resilient infrastructure that defends against attacks, zero day threats, and ensures fast recovery.

John Herrema

•

October 30, 2024

The Growing Dangers of Unencrypted Devices

Zero Trust is essential for securing hybrid work. Discover how it strengthens endpoint security and minimizes risk in remote environments.

Michelle Base Bursey

•

June 22, 2022

Absolute Recognized as G2 Top 50 Best Security Product 2023, Ranked a Leader in Winter Grid Reports

We've been named to the Top 50 Security Products in the G2 Best Software Awards 2023. This comes on the heels of the release of the Winter 2023 G2 Grid Reports, where we were ranked a Leader for both Endpoint Management and Zero Trust Networking.