Skip to main content

Microsoft Releases October 2025 Security Updates

Scheduled updates for Microsoft products address 175 vulnerabilities, of which 3 are under exploitation and 3 have been reported as publicly disclosed

Threat ID:
CC-4708
Threat Severity:
Medium
Published:
15 October 2025 10:36 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products address 175 vulnerabilities, of which 3 are under exploitation and 3 have been reported as publicly disclosed

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows Server

Microsoft Azure

The following platforms are also known to be affected:

Multiple other Microsoft platforms. Please see Microsoft's October 2025 Security Update guide for full details.

Threat details

Final security updates for Windows 10

From 14 October 2025, Windows 10 is end-of-life. The October 2025 security updates are the last available for Windows 10.

To ensure the continued security and efficiency of NHS digital systems, as well as protect patient data, all NHS Trusts and Integrated Care Boards (ICBs) must transition to Windows 11.

For more details please visit the Windows 10 end of support October 2025 page.

Introduction

Microsoft has released security updates to address 175 vulnerabilities in Microsoft products. 6 vulnerabilities are highlighted below.

Microsoft has reported exploitation for 3 vulnerabilities and a proof-of-concept exploit for 1 vulnerability

CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827 have been reported as exploited by Microsoft.

A proof-of-concept exploit is available for CVE-2025-55680.

Vulnerability details

Exploited vulnerabilities:

  • CVE-2025-24990 - Windows Agere Modem Driver Elevation of Privilege Vulnerability - CVSSv3 score: 7.8
  • CVE-2025-59230 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability - CVSSv3 core: 7.8
  • CVE-2025-47827 - Secure Boot Bypass in IGEL OS before 11 - CVSSv3 score: 4.6
  • CVE-2025-55680 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability - CVSSv3 score: 7.8

Publicly disclosed vulnerabilities:

  • CVE-2025-0033 - RMP Corruption During SNP Initialization (affecting AMD EPYC processors used in Azure Confidential Computing) - CVSSv3 score: 8.2
  • CVE-2025-2884 - Out-of-Bounds Read Vulnerability in TCG TPM2.0 Reference Implementation - CVSSv3 score: 5.3
  • CVE-2025-24052 - Windows Agere Modem Driver Elevation of Privilege Vulnerability - CVSSv3 score: 7.8

Threat updates

Date Update
10 Nov 2025 Updated Exploitation Details

Added CVE-2025-55680 to CVE identifier list and updated exploitation details.

Remediation advice

Affected organisations are encouraged to review Microsoft's October 2025 Security Updates and apply the relevant updates as soon as possible.

CVE Vulnerabilities

Status Published

CVE-2025-24990

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
Status Published

CVE-2025-59230

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Status Published

CVE-2025-47827

In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.
Status Published

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
Status Published

CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0
Status Published

CVE-2025-24052

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.
Status Published

CVE-2025-55680

Time-of-check time-of-use (toctou) race condition in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Last edited: 10 November 2025 12:04 pm