October 2025 Security Patch Highlights
Microsoft has released a significant security update for its October 2025 Patch Tuesday, addressing a total of 172 vulnerabilities across its products. The update is particularly notable as it includes patches for two zero-day flaws that are already being actively exploited by attackers.
The first zero-day, tracked as CVE-2025-24990, was found in a third-party Agere Modem driver bundled with Windows. Microsoft’s solution was to completely remove the vulnerable driver. The second exploited flaw, CVE-2025-59230, is an elevation-of-privilege vulnerability in the Windows Remote Access Connection Manager (RasMan). Security experts also highlighted a critical bug rated 9.8 in severity, CVE-2025-59287, in Windows Server Update Services (WSUS), which could allow unauthenticated remote code execution.
Navigating the End of Windows 10 Support
This month’s Patch Tuesday also marks the official end of free security updates for Windows 10. For users unable or unwilling to upgrade to Windows 11, there are two primary paths forward to maintain security.
One option is to enroll in Microsoft’s Extended Security Updates (ESU) program, which provides an additional year of security patches for a fee. The cost is around $30 for users without a Microsoft account but may be free for those who have one. The second option is to migrate to a different operating system, such as a user-friendly Linux distribution. Linux Mint is recommended as a strong choice for former Windows users, as it offers a familiar interface and can run on older hardware. Users can test it from a USB drive before committing to a full installation.
Source: https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/