Microsoft Patch Tuesday – October 2025
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The October 2025 edition of Patch Tuesday brings us 173 new fixes, with 9 rated as critical, 3 of which are actively exploited. We’ve listed the most important changes below.
Windows Agere Modem Driver Elevation of Privilege Vulnerability
CVE-2025-24990 is an actively exploited elevation of privilege vulnerability in the Agere modem driver (ltmdm64.sys), which shipped with supported Windows releases. Following evidence of active exploitation, the driver has been removed in the October cumulative update. An attacker who successfully leverages this flaw can obtain local administrator privileges, and critically, the vulnerability can be abused even when the fax modem isn't actively in use. Because the driver has been removed, any fax-modem hardware relying on ltmdm64.sys will stop working on updated systems.
Microsoft therefore strongly recommends removing dependencies on that hardware and applying the October cumulative update immediately. If your environment still needs fax capabilities, plan to migrate to supported hardware or software alternatives and treat affected systems as high priority for patching and investigation.
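To find hosts where the removal described above has not yet taken effect, the following added example (not part of the original article or of any Lansweeper report) checks a Windows machine for ltmdm64.sys on disk, as a registered kernel driver, and in the driver store. The function name and output fields are illustrative; the paths are the standard Windows driver locations.

```powershell
# Added example: inventory ltmdm64.sys on the local host. Run in an elevated session.
function Get-AgereDriverStatus {
    $driverName = 'ltmdm64.sys'
    $livePath   = Join-Path $env:SystemRoot "System32\drivers\$driverName"
    $storeRoot  = Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'

    # 1. The driver binary in the live drivers directory.
    $file = Get-Item -LiteralPath $livePath -ErrorAction SilentlyContinue

    # 2. A kernel driver service whose image path points at the binary.
    $service = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$driverName" } |
        Select-Object -First 1

    # 3. Staged copies in the driver store (reported for review, no verdict implied).
    $staged = @(Get-ChildItem -Path $storeRoot -Recurse -Filter $driverName `
                    -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        DriverFilePresent = [bool]$file
        FileVersion       = if ($file) { $file.VersionInfo.FileVersion } else { $null }
        ServiceRegistered = [bool]$service
        ServiceState      = if ($service) { $service.State } else { $null }
        ServiceStartMode  = if ($service) { $service.StartMode } else { $null }
        DriverStoreCopies = $staged.Count
        # The page states the flaw is reachable even when the modem is unused,
        # so a present binary is flagged regardless of service state.
        NeedsAttention    = [bool]$file -or [bool]$service
    }
}

Get-AgereDriverStatus | Format-List
```

Hosts that report `NeedsAttention = True` are candidates for the patching and investigation priority described above.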
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-59230 is a privilege escalation vulnerability in the Windows Remote Access Connection Manager service caused by improper access control. This flaw allows a locally authenticated attacker to elevate their privileges to SYSTEM level, effectively gaining the highest permissions available on the machine. The issue has been actively exploited in the wild, even though it has not been publicly disclosed.
Because it requires only local access, an attacker who already has a foothold on a system (through phishing, malware, or another exploit) can use this vulnerability to take full control, execute arbitrary code with elevated rights, install persistent backdoors, or disable security controls.
Secure Boot bypass in IGEL OS before 11
In IGEL OS versions before 11, a flaw in the igel-flash-driver module incorrectly verifies cryptographic signatures for SquashFS images, allowing an attacker to present a crafted (malicious) SquashFS that the system accepts and mounts as the root filesystem. Because this bypasses the intended signature checks, it effectively defeats Secure Boot on affected devices: an attacker who can supply or plant such an image can boot or persist arbitrary, unsigned system code with full control of the device. The issue was assigned CVE-2025-47827 by MITRE on IGEL’s behalf, has been observed in exploitation, and has been addressed in updated IGEL OS builds (the fixes are also incorporated into related Windows update advisories).
Windows systems need an update for this vulnerability because Microsoft’s Secure Boot infrastructure trusted the vulnerable IGEL component that was signed through its UEFI Certificate Authority. Secure Boot relies on Microsoft’s global trust chain to decide which bootloaders and drivers are safe to run, and the flawed IGEL module could be exploited to bypass that protection, even on Windows devices. To close this loophole, Microsoft issued a Windows update that adds the IGEL component’s signature to the Secure Boot revocation list (DBX), ensuring affected binaries can no longer load during boot. This update effectively restores the integrity of Secure Boot across all Windows systems, even those that never used IGEL OS.
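As an added example (not from the original article), the script below reads the DBX variable described above, parses its EFI_SIGNATURE_LIST structures, and reports whether a given SHA-256 entry is present. The page does not give the revoked hash, so the value passed in is a placeholder to be replaced with the one from the vendor advisory; the function names are illustrative.

```powershell
# Added example: check whether the Secure Boot DBX contains a given SHA-256 entry.
# Run elevated on a UEFI system. DBX hash entries are Authenticode (PE image)
# digests, not plain file hashes.
$EfiCertSha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'  # EFI_CERT_SHA256_GUID

function Get-DbxSha256Entry {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # EFI_SIGNATURE_LIST header: type GUID (16 bytes), then three UINT32 fields:
        # SignatureListSize, SignatureHeaderSize, SignatureSize.
        $type     = [guid]::new([byte[]]($Bytes[$offset..($offset + 15)]))
        $listSize = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $sigSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        if ($listSize -lt 28 -or $offset + $listSize -gt $Bytes.Length) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        if ($type -eq $EfiCertSha256Guid -and $sigSize -eq 48) {
            # Each EFI_SIGNATURE_DATA is an owner GUID (16) plus a SHA-256 digest (32).
            $end = $offset + $listSize
            for ($p = $offset + 28 + $hdrSize; $p + $sigSize -le $end; $p += $sigSize) {
                [BitConverter]::ToString($Bytes, $p + 16, 32).Replace('-', '')
            }
        }
        # Other list types (for example X.509 certificates) are skipped.
        $offset += $listSize
    }
}

function Test-DbxRevokesHash {
    param([Parameter(Mandatory)][string]$Sha256Hex)
    if (-not (Confirm-SecureBootUEFI)) {
        Write-Warning 'Secure Boot is not enabled on this host.'
    }
    $dbx     = Get-SecureBootUEFI -Name dbx
    $entries = @(Get-DbxSha256Entry -Bytes $dbx.Bytes)
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Sha256EntryCount = $entries.Count
        HashRevoked      = $entries -contains $Sha256Hex.ToUpperInvariant()
    }
}

# Placeholder value: substitute the digest published in the vendor advisory.
Test-DbxRevokesHash -Sha256Hex '<AUTHENTICODE-SHA256-FROM-ADVISORY>'
```

A host that returns `HashRevoked = False` for the advisory's digest has not yet received the DBX update.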
Run the Patch Tuesday October 2025 Audit
To help manage your update progress, we've created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report is color-coded to show which machines are up to date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses at no additional cost and lets you federate all your installations into one single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday October 2025 CVE Codes & Titles
| CVE Number | CVE Title |
| --- | --- |
| CVE-2025-59502 | Remote Procedure Call Denial of Service Vulnerability |
| CVE-2025-59497 | Microsoft Defender for Linux Denial of Service Vulnerability |
| CVE-2025-59494 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2025-59295 | Windows URL Parsing Remote Code Execution Vulnerability |
| CVE-2025-59294 | Windows Taskbar Live Preview Information Disclosure Vulnerability |
| CVE-2025-59292 | Azure Compute Gallery Elevation of Privilege Vulnerability |
| CVE-2025-59291 | Confidential Azure Container Instances Elevation of Privilege Vulnerability |
| CVE-2025-59290 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-59289 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-59288 | Playwright Spoofing Vulnerability |
| CVE-2025-59287 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
| CVE-2025-59285 | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2025-59284 | Windows NTLM Spoofing Vulnerability |
| CVE-2025-59282 | Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-59281 | Xbox Gaming Services Elevation of Privilege Vulnerability |
| CVE-2025-59280 | Windows SMB Client Tampering Vulnerability |
| CVE-2025-59278 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59277 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59275 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-59261 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59260 | Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability |
| CVE-2025-59259 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-59258 | Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability |
| CVE-2025-59257 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-59255 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-59254 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-59253 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59250 | JDBC Driver for SQL Server Spoofing Vulnerability |
| CVE-2025-59249 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-59248 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2025-59244 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-59243 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59242 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-59241 | Windows Health and Optimized Experiences Elevation of Privilege Vulnerability |
| CVE-2025-59238 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-59237 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-59236 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59235 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-59234 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-59233 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59232 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2025-59231 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59230 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2025-59229 | Microsoft Office Denial of Service Vulnerability |
| CVE-2025-59228 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-59227 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-59226 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2025-59225 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59224 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59223 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-59222 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-59221 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-59214 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-59213 | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-59211 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2025-59210 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-59209 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2025-59208 | Windows MapUrlToZone Information Disclosure Vulnerability |
| CVE-2025-59207 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59206 | Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability |
| CVE-2025-59205 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-59204 | Windows Management Services Information Disclosure Vulnerability |
| CVE-2025-59203 | Windows State Repository API Server File Information Disclosure Vulnerability |
| CVE-2025-59202 | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2025-59201 | Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability |
| CVE-2025-59200 | Data Sharing Service Spoofing Vulnerability |
| CVE-2025-59199 | Software Protection Platform (SPP) Elevation of Privilege Vulnerability |
| CVE-2025-59198 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59197 | Windows ETL Channel Information Disclosure Vulnerability |
| CVE-2025-59196 | Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability |
| CVE-2025-59195 | Microsoft Graphics Component Denial of Service Vulnerability |
| CVE-2025-59194 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59193 | Windows Management Services Elevation of Privilege Vulnerability |
| CVE-2025-59192 | Storport.sys Driver Elevation of Privilege Vulnerability |
| CVE-2025-59191 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-59190 | Windows Search Service Denial of Service Vulnerability |
| CVE-2025-59189 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-59188 | Microsoft Failover Cluster Information Disclosure Vulnerability |
| CVE-2025-59187 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-59186 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-59185 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2025-59184 | Storage Spaces Direct Information Disclosure Vulnerability |
| CVE-2025-58739 | Microsoft Windows File Explorer Spoofing Vulnerability |
| CVE-2025-58738 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58737 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| CVE-2025-58736 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58735 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58734 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58733 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58732 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58731 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58730 | Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability |
| CVE-2025-58729 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-58728 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-58727 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-58726 | Windows SMB Server Elevation of Privilege Vulnerability |
| CVE-2025-58725 | Windows COM+ Event System Service Elevation of Privilege Vulnerability |
| CVE-2025-58724 | Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2025-58722 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-58720 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2025-58719 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2025-58718 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-58717 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-58716 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-58715 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2025-58714 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-55701 | Windows Authentication Elevation of Privilege Vulnerability |
| CVE-2025-55700 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-55699 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55698 | DirectX Graphics Kernel Denial of Service Vulnerability |
| CVE-2025-55697 | Azure Local Elevation of Privilege Vulnerability |
| CVE-2025-55696 | NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability |
| CVE-2025-55695 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
| CVE-2025-55694 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2025-55693 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-55692 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2025-55691 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55690 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55689 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55688 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55687 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability |
| CVE-2025-55686 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55685 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55684 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55683 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55682 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55681 | Desktop Windows Manager Elevation of Privilege Vulnerability |
| CVE-2025-55680 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2025-55679 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-55678 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-55677 | Windows Device Association Broker Service Elevation of Privilege Vulnerability |
| CVE-2025-55676 | Windows USB Video Class System Driver Information Disclosure Vulnerability |
| CVE-2025-55340 | Windows Remote Desktop Protocol Security Feature Bypass |
| CVE-2025-55339 | Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability |
| CVE-2025-55338 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55337 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55336 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2025-55335 | Windows NTFS Elevation of Privilege Vulnerability |
| CVE-2025-55334 | Windows Kernel Security Feature Bypass Vulnerability |
| CVE-2025-55333 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55332 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55331 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-55330 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-55328 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2025-55326 | Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability |
| CVE-2025-55325 | Windows Storage Management Provider Information Disclosure Vulnerability |
| CVE-2025-55320 | Configuration Manager Elevation of Privilege Vulnerability |
| CVE-2025-55315 | ASP.NET Security Feature Bypass Vulnerability |
| CVE-2025-55248 | .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability |
| CVE-2025-55247 | .NET Elevation of Privilege Vulnerability |
| CVE-2025-55240 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-54957 | MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder |
| CVE-2025-54132 | GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool |
| CVE-2025-53782 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2025-53768 | Xbox IStorageService Elevation of Privilege Vulnerability |
| CVE-2025-53717 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| CVE-2025-53150 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-53139 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2025-50175 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-50174 | Windows Device Association Broker Service Elevation of Privilege Vulnerability |
| CVE-2025-50152 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-49708 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-48813 | Virtual Secure Mode Spoofing Vulnerability |
| CVE-2025-48004 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-47989 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2025-47979 | Microsoft Failover Cluster Information Disclosure Vulnerability |
| CVE-2025-47827 | MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 |
| CVE-2025-2884 | Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation |
| CVE-2025-25004 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2025-24990 | Windows Agere Modem Driver Elevation of Privilege Vulnerability |
| CVE-2025-24052 | Windows Agere Modem Driver Elevation of Privilege Vulnerability |
| CVE-2025-0033 | AMD CVE-2025-0033: RMP Corruption During SNP Initialization |
| CVE-2016-9535 | MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability |