Microsoft’s October ‘Patch Tuesday’ Replace Fixes Over 170 Flaws



Dd you may customise Google to filter out rubbish? Take these steps for higher search outcomes, together with including my work at Lifehacker as a most well-liked supply.


On the second Tuesday of every month, Microsoft points a significant safety replace for Home windows customers, referred to as “Patch Tuesday.” Some patches are bigger than others; all of it is dependent upon what number of vulnerabilities researchers found over the previous month. October’s Patch Tuesday replace, nevertheless, is kind of massive.

As reported by Bleeping Pc, this newest Patch Tuesday replace fixes over 170 safety flaws with Home windows. That features 80 elevation of privilege vulnerabilities, 31 distant code execution vulnerabilities, 28 data disclosure vulnerabilities, 11 safety function bypass vulnerabilities, 11 denial of service vulnerabilities, and 10 spoofing vulnerabilities.

Bleeping Pc solely contains the patches launched by Microsoft itself in its totals for Patch Tuesday numbers. The whole quantity is increased, as there are patches for Azure, Mariner, and vulnerabilities launched earlier in October. All in, there are effectively over 200 patches right here.

Whereas all safety patches are necessary, some are extra vital than others. To that time, this Patch Tuesday contains fixes for eight vulnerabilities labeled as “Important”—that features 5 distant code execution vulnerabilities, and three elevation of privilege vulnerabilities.

Six zero-days

However much more necessary than that are the patches for six zero-day vulnerabilities. Zero-days are significantly harmful, as there are vulnerabilities which are both publicly disclosed or exploited earlier than the software program developer has an opportunity to challenge a patch. On this case, there are six zero-days, three publicly disclosed, and three exploited with out this present patch, leaving Home windows customers susceptible.


What do you assume up to now?

These are the three exploited vulnerabilities:

  • CVE-2025-24990: Home windows Agere Modem Driver Elevation of Privilege Vulnerability: This flaw allowed unhealthy actors to realize administrative privileges through a nasty Agere Modem driver. Microsoft has now eliminated the motive force.

  • CVE-2025-59230: Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability: This flaw allowed unhealthy actors to realize SYSTEM privileges.

  • CVE-2025-47827: MITRE CVE-2025-47827: Safe Boot bypass in IGEL OS earlier than 11: This flaw allowed unhealthy actors to bypass Safe Boot, a safety course of that helps stop malware from loading when a person’s pc begins up.

These are the three publicly disclosed vulnerabilities:

  • CVE-2025-0033 – AMD CVE-2025-0033: RMP Corruption Throughout SNP Initialization: This AMD flaw may impression reminiscence integrity. Microsoft says this repair just isn’t completed but, and the patches will roll out via Azure Service Well being Alerts once they’re prepared.

  • CVE-2025-24052 – Home windows Agere Modem Driver Elevation of Privilege Vulnerability: This flaw can be utilized to realize administrative privileges through a Agere Modem Driver. As Bleeping Pc notes, it seems fairly much like CVE-2025-24990.

  • CVE-2025-2884 – Cert CC: CVE-2025-2884 Out-of-Bounds learn vulnerability in TCG TPM2.0 reference implementation: This flaw may have allowed for data disclosure or denial of service of the goal’s TPM.

In different Microsoft information, the corporate has formally ended assist for Home windows 10. Except you enroll in Prolonged Safety Updates, your Home windows 10 PC won’t obtain these safety patches going ahead.



Related Articles

Latest Articles