Microsoft today released software updates to close 172 security vulnerabilities in its Windows operating systems, including at least two vulnerabilities already actively exploited. October Patch Tuesday also marks the last month that Microsoft will provide security updates for Windows 10 systems. If you are using a Windows 10 PC and cannot or do not want to migrate to Windows 11, read on for other options.
The first zero-day bug fixed this month (CVE-2025-24990) involves a third-party modem driver called Agere Modem, which has been included with Windows for two decades. Microsoft responded to active attacks against this flaw by completely removing the vulnerable driver from Windows.
The other zero-day is CVE-2025-59230, an elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections over virtual private networks (VPNs) and dial-up networks.
“While RasMan is a Patch Tuesday regular, appearing over 20 times since January 2022, this is the first time we’ve seen it exploited in the wild as a zero-day,” said Satnam Narang, senior research engineer at Defensible.
Narang notes that Microsoft Office users should also take note of CVE-2025-59227 and CVE-2025-59234, two remote code execution bugs that take advantage of the “preview pane,” meaning the target doesn’t even need to open the file for exploitation to occur. To exploit these flaws, an attacker would have to get a target to preview an email containing a malicious Microsoft Office document.
Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform. Users who are not comfortable saving all their documents in Microsoft’s cloud can change this in Word settings; ZDNet has a helpful procedure for disabling this feature.
Kevin Breen, senior director of threat research at Immersive, brought attention to CVE-2025-59287, a critical remote code execution bug in Windows Server Update Service (WSUS) – the same Windows service responsible for downloading security patches for Windows Server releases. Microsoft says there is currently no sign that this weakness is being exploited. But with a threat score of 9.8 out of a possible 10 and a rating of “exploit more likely,” CVE-2025-59287 can be exploited without authentication and is an easy “update now” candidate.
“Microsoft provides limited information, indicating that an unauthenticated attacker with network access can send untrusted data to the WSUS server, resulting in deserialization and code execution,” Breen wrote. “As WSUS is a trusted Windows service designed to update privileged files in the file system, an attacker would have free rein over the operating system and could potentially bypass certain EDR detections that ignore or exclude the WSUS service.”
To learn more about other Redmond fixes today, check out the SANS Internet Storm Center monthly summary, which indexes all updates by severity and urgency.
Windows 10 is not the only Microsoft operating system that is reaching the end of its life today; Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise version 22H2, and Outlook 2016 are some of the other products that Microsoft is discontinuing today.
If you are using a Windows 10 system, you have probably already determined whether your PC meets the recommended technical hardware specifications for the Windows 11 operating system. If you are reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.
One option is to pay for an additional year of security updates through Microsoft’s Extended Security Updates (ESU) program. The cost is only $30 if you don’t have a Microsoft account, and apparently free if you register the PC to a Microsoft account. This video breakdown from Ask your IT professional does a good job of guiding Windows 10 users through this process. Microsoft emphasizes that ESU registration does not provide other types of fixes, feature enhancements, or product enhancements. It also doesn’t come with technical support.
If your Windows 10 system is associated with a Microsoft account and signed in when you visit Windows Update, you should see an option to sign up for extended updates. Image: https://www.youtube.com/watch?v=SZH7MlvOoPM
Windows 10 users also have the option of installing a version of Linux instead. Anyone seriously considering this option should check out the website endof10.org, which includes a wealth of tips and a DIY installation guide.
Linux Mint is a great option for Linux beginners. Like most modern versions of Linux, Mint will run on any 64-bit processor with at least 2 GB of memory, although 4 GB is recommended. In other words, it will work on almost every computer produced in the last decade.
Linux Mint is also probably the most intuitive interface for regular Windows users, and it’s largely configurable without issue at the text-only command line prompt. Mint and other versions of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and which can open, edit and save documents as Microsoft Office files.
If you prefer to test Linux before installing it on a Windows PC, you can always simply download it to a removable USB drive. From there, restart the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option after restarting, try restarting again and pressing the F8 button, which should open a list of bootable drives. Here’s a pretty comprehensive tutorial that explains exactly how to do all of this.
And if this is your first time trying Linux, relax and have fun: the advantage of a “live” version of Linux (as it is called when the operating system is run from a removable drive such as a CD or USB stick) is that none of your changes persist after a reboot. Even if you manage to break something, a reboot will return the system to its original state.
As always, if you experience any issues during or after applying this month’s patch batch, please leave a note about it in the comments below.