Roundup of Microsoft Patch Tuesday (October 2025)

Summary

On October 15 (UTC+8), 2025, Microsoft released its October 2025 Security Updates, which included patches for a total of 183 CVEs, an increase of 102 CVEs compared to the previous month.

In terms of vulnerability severity, there were 17 vulnerabilities marked as "Critical" and 165 vulnerabilities marked as "Important/High". In terms of vulnerability types, there were primarily 33 remote code execution vulnerabilities, 84 privilege escalation vulnerabilities, and 28 information disclosure vulnerabilities.

Statistics

Vulnerability Trend

Figure 1 Vulnerabilities Patched by Microsoft in the Last 12 Months

• On the whole, Microsoft released 183 patches in October 2025, including 17 critical vulnerability patches.
• Based on Microsoft's historical vulnerability disclosures and the specific circumstances of this year, Sangfor FarSight Labs estimates that Microsoft will announce fewer vulnerabilities in the coming November in comparison to October. We expect a figure of approximately 95 vulnerabilities.

Comparison of Vulnerability Trends

The following figure shows the number of patches released by Microsoft in the month of October from 2022 to 2025.

Figure 2 Number of Windows Patches Released by Microsoft in October from 2022 to 2025

The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in October from 2022 to 2025.

Figure 3 Number of Vulnerabilities by Severity Level Addressed by Microsoft in October from 2022 to 2025

The following figure shows the number of vulnerabilities by type addressed by Microsoft in October from 2022 to 2025.

Figure 4 Number of Vulnerabilities by Type Addressed by Microsoft in October from 2022 to 2025

Data source: Microsoft security updates

• Compared to last year, there has been an increase in terms of the number of vulnerabilities this year. The number of vulnerabilities addressed by Microsoft in October 2025 has increased. A total of 183 vulnerability patches, including 17 critical ones, have been reported this month.
• Compared to last year, the number of vulnerabilities at the Critical level addressed by Microsoft has increased, and that of vulnerabilities at the Important/High level has also increased. Specifically, 17 vulnerabilities at the Critical level have been addressed, an increase of about 467%; and 165 vulnerabilities at the Important/High level have been addressed, an increase of about 42%.
• In terms of the vulnerability type, both the number of remote code execution (RCE) vulnerabilities and the number of denial-of-service (DoS) vulnerabilities have decreased, whereas the number of elevation of privilege (EoP) vulnerabilities has increased. We should remain highly vigilant because, when combined with social engineering techniques, attackers can exploit RCE vulnerabilities to take over the entire local area network (LAN) and launch attacks.

Details of Key Vulnerabilities

Analysis

Windows Agere Modem Driver Elevation of Privilege Vulnerability (CVE-2025-24990)

The Windows Agere Modem Driver is a system component designed to support soft modems produced by Agere Systems. It is mainly used to enable the operating system to recognize and properly drive Agere modems, to implement functionalities such as dial-up access over analog telephone lines, and fax transmission and reception.

An elevation of privilege vulnerability exists in it, which attackers can exploit to gain higher privileges on the target system. This vulnerability is known to have been exploited in the wild, and after assessment, it is considered critical in terms of the threat level. We recommend that users promptly update the Microsoft security patches.

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability (CVE-2025-59230)

Windows Remote Access Connection Manager (RASMan) is a core Windows network service for managing remote connections for computers. It is responsible for establishing, maintaining, and terminating remote connections implemented via dial-ups, virtual private networks (VPNs), and broadband. This service provides a unified remote connection interface for the system and applications, enabling users to securely access enterprise networks or remote servers.

An elevation of privilege vulnerability exists in it, which attackers can exploit to gain higher privileges on the target system. This vulnerability is known to have been exploited in the wild, and after assessment, it is considered critical in terms of the threat level. We recommend that users promptly update the Microsoft security patches.

Affected Versions

Solutions

Official Solution:

Microsoft has released security patches for affected software. Affected users can install the corresponding security patches based on their system versions.

Download Links:

1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24990
2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59230

References

https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct

Timeline

On October 15, 2025, Microsoft released a security bulletin.

On October 15, 2025, Sangfor FarSight Labs released a vulnerability alert.

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.