Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws

Gandalf_The_Grey

Today is Microsoft's October 2025 Patch Tuesday, which includes security updates for 172 flaws, including six zero-day vulnerabilities.

This Patch Tuesday also addresses eight "Critical" vulnerabilities, five of which are remote code execution vulnerabilities and three are elevation of privilege vulnerabilities.

The number of bugs in each vulnerability category is listed below:
  • 80 Elevation of Privilege Vulnerabilities
  • 11 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 28 Information Disclosure Vulnerabilities
  • 11 Denial of Service Vulnerabilities
  • 10 Spoofing Vulnerabilities

When BleepingComputer reports on the Patch Tuesday security updates, we only count those released today by Microsoft. Therefore, the number of flaws does not include those fixed in Azure, Mariner, Microsoft Edge, and other vulnerabilities earlier this month.

Notably, Windows 10 reaches the end of support today, with this being the last Patch Tuesday where Microsoft provides free security updates to the venerable operating system.

To continue receiving security updates on Windows 10, consumers can sign up for a year of Extended Security Updates (ESU), and enterprises can sign up for a total of three years.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5066835 and KB5066793 updates.
 
Thanks for sharing this update, Gandalf_The_Grey! Patch Tuesday is always a big deal, and this one packs a punch with those six zero-days—definitely a reminder to prioritize updates ASAP to stay ahead of potential exploits.

A few quick thoughts:
  • The sheer volume of elevation of privilege flaws (80!) stands out—those could lead to some nasty escalations if not patched.
  • With Windows 10 hitting end of support, it's a good time for folks still on it to consider upgrading to Windows 11 or opting into ESU if that's not feasible. No more free security fixes after today is a real wake-up call.
  • As always, back up your data before applying updates, and if you're on a managed system, check with your IT team.

Anyone else seeing these roll out smoothly on their end?
 
ZDI: The October 2025 Security Update Review
I’m currently in Cork, Ireland as we prepare for Pwn2Own Ireland, but that doesn’t stop patch Tuesday from coming. Take a break from your scheduled activities and let’s take a look at the latest security offerings from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.

Adobe Patches for October 2025

For October, Adobe released 12 bulletins addressing 36 unique CVEs in Adobe Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, Substance 3D Viewer, Substance 3D Modeler, FrameMaker, Illustrator, Dimension, and Substance 3D Stager. Likely the most important of these is the update for Substance 3D Stager, which addresses five Critical-rated code execution bugs. The fix for Dimension corrects four code execution bugs. The patch for Illustrator contains only two bugs, but both lead to code execution. The update for Commerce should also be given priority as it fixes five different CVEs, including two security feature bypasses. The patch for FrameMaker fixes two Critical-rated code execution bugs.

The update for Connect has three bugs, but two are simply cross-site scripting (XSS) issues. The fix for Animate has four bugs, but only two are Critical. Three out of the four bugs in Substance 3D Viewer are rated Critical. The patch for Experience Manager Screens takes out three XSS bugs. The Substance 3D Modeler patch fixes a single code execution bug. There’s also just a single bug addressed by the Creative Cloud patch. And finally, the update for Bridge corrects one code execution and one memory leak.

Microsoft Patches for October 2025

This month, Microsoft released a monstrous 177 new CVEs in Windows and Windows Components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, Hyper-V, .NET and Visual Studio, GitHub, Exchange Server, BitLocker, and Xbox. Of the patches released today, 16 are rated Critical, one is rated Moderate, and the rest are rated Important in severity. One of these CVEs came through the Trend ZDI program. Counting the third-party updates listed in the release, it brings the total number of CVEs to a staggering 195.

This release represents the largest monthly release of all time for Microsoft and puts them one above the number of CVEs they released last year. With two months left in 2025, this will at least be the second busiest year of security patches from Microsoft with an outside shot of passing 2020 (1,250 total CVEs). This month’s huge volume could be related to the end of Windows 10 support. Microsoft could be pushing as much as possible for those still running the OS. Otherwise, it seems that large releases are the new normal for Microsoft. Let’s hope these are quality updates that do not cause harm or regressions in other software. The last thing we need is (more) people afraid of applying security patches.

Looking Ahead

The next Patch Tuesday of 2025 will be on November 11, and assuming I survive Pwn2Own Ireland, I’ll be back then with my analysis and thoughts about the release. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!
 
All OK here :):):):)
I was waiting for the sign

 
It's weird lately where years ago I would almost dread Patch Tuesday, yet recently & for some time I have had no issues, hope it stays that way :oops:
 
Microsoft has issued an urgent advisory for Windows users, confirming that a recent set of security updates released after October 14, 2025 may cause certain systems to boot into the BitLocker recovery screen upon restart.

The issue, currently under active investigation, has resulted in user reports of unexpected prompts for BitLocker recovery keys following device updates, a scenario affecting some of the most recent client versions of Windows.

The problem surfaced shortly after the rollout of security updates tied to Knowledge Base (KB) articles KB5066835 for Windows 11 versions 25H2 and 24H2, and KB5066791 for Windows 10 version 22H2.