Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)

1. 7Critical
2. 158Important
3. 2Moderate
4. 0Low

Microsoft addresses 167 CVEs in its largest Patch Tuesday to date, including three zero-day vulnerabilities, two of which were exploited in the wild.

Microsoft patched 167 CVEs in its October 2025 Patch Tuesday release, its largest Patch Tuesday release to date, with seven rated critical, 158 rated important, and two rated moderate. Our counts omitted 27 vulnerabilities, including 14 Chromium CVEs, three MITRE CVEs, one GitHub CVE, one CERT/CC CVE, and eight cloud CVEs that Microsoft published advisories for on October 9.

This month’s update includes patches for:

• .NET
• .NET,.NET Framework, Visual Studio
• Active Directory Federation Services
• Agere Windows Modem Driver
• ASP.NET Core
• Azure Connected Machine Agent
• Azure Entra ID
• Azure Local
• Azure Monitor
• Azure Monitor Agent
• Azure PlayFab
• Confidential Azure Container Instances
• Connected Devices Platform Service (Cdpsvc)
• Copilot
• Data Sharing Service Client
• Inbox COM Objects
• Internet Explorer
• JDBC Driver for SQL Server
• Microsoft Brokering File System
• Microsoft Configuration Manager
• Microsoft Defender for Linux
• Microsoft Exchange Server
• Microsoft Failover Cluster Virtual Driver
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office Excel
• Microsoft Office PowerPoint
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Office Word
• Microsoft PowerShell
• Microsoft Windows
• Microsoft Windows Search Component
• Microsoft Windows Speech
• Network Connection Status Indicator (NCSI)
• NtQueryInformation Token function (ntifs.h)
• Remote Desktop Client
• Software Protection Platform (SPP)
• Storport.sys Driver
• Virtual Secure Mode
• Visual Studio
• Windows Ancillary Function Driver for WinSock
• Windows Authentication Methods
• Windows BitLocker
• Windows Bluetooth Service
• Windows Cloud Files Mini Filter Driver
• Windows COM
• Windows Connected Devices Platform Service
• Windows Core Shell
• Windows Cryptographic Services
• Windows Device Association Broker service
• Windows Digital Media
• Windows DirectX
• Windows DWM
• Windows DWM Core Library
• Windows Error Reporting
• Windows ETL Channel
• Windows Failover Cluster
• Windows File Explorer
• Windows Health and Optimized Experiences Service
• Windows Hello
• Windows High Availability Services
• Windows Hyper-V
• Windows Kernel
• Windows Local Session Manager (LSM)
• Windows Management Services
• Windows MapUrlToZone
• Windows NDIS
• Windows NTFS
• Windows NTLM
• Windows PrintWorkflowUserSvc
• Windows Push Notification Core
• Windows Remote Access Connection Manager
• Windows Remote Desktop
• Windows Remote Desktop Protocol
• Windows Remote Desktop Services
• Windows Remote Procedure Call
• Windows Resilient File System (ReFS)
• Windows Resilient File System (ReFS) Deduplication Service
• Windows Routing and Remote Access Service (RRAS)
• Windows Server Update Service
• Windows SMB Client
• Windows SMB Server
• Windows SSDP Service
• Windows StateRepository API
• Windows Storage Management Provider
• Windows Taskbar Live
• Windows USB Video Driver
• Windows Virtualization-Based Security (VBS) Enclave
• Windows WLAN Auto Config Service
• Xbox
• XBox Gaming Services

Elevation of Privilege (EoP) vulnerabilities accounted for 47.9% of the vulnerabilities patched this month, followed by Remote Code Execution (RCE) vulnerabilities at 17.4%.

Windows 10 End of Support

As of October 14, Windows 10 has reached its end of support. This means that no new security updates will be released for Windows 10 without being enrolled in the Extended Security Updates (ESU) program. To identify unsupported versions of Windows 10, customers can use plugin ID 192814.

Additionally, Long-Term Servicing Branch (LTSB) support for Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015 also ended as of October 14. Plugins to identify these versions are as follows:

Additional Microsoft Products End of Support

As of October 14, several Microsoft Products have reached end of support or extended support. Since these products will no longer receive security updates, we recommend upgrading to supported versions as soon as possible.

• Exchange Server 2016
• Exchange Server 2019
• Outlook 2016
• Skype for Business Server 2015
• Skype for Business 2016
• Skype for Business Server 2019
• Windows 11 Enterprise and Education Version 22H2
• Windows 11 IoT Enterprise Version 22H2

Tenable Solutions

A list of all the plugins released for Microsoft’s October 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

• Microsoft's October 2025 Security Updates
• Tenable plugins for Microsoft October 2025 Patch Tuesday Security Updates

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.