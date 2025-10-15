Microsoft on Tuesday announced 170 patches affecting 21 product families. Eight of the addressed issues are considered by Microsoft to be of Critical severity, and 18 have a CVSS base score of 8.0 or higher. Three are known to be under active exploit in the wild, and two others have been publicly disclosed.

At patch time, 12 CVEs are judged more likely to be exploited in the next 30 days by the company’s estimation, in addition to the two already detected to be so. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below.

In addition to the record-breaking patch count (surpassing the total of 159 set in January), there is a substantial set of advisory-only items in this month’s offering. For Edge, there are 14 patches released last week for Chrome that affect Microsoft’s browser. Two more CVEs are submitted by MITRE, including one item (MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder) known to be under exploit in the wild. The Unity Gaming Engine Editor bug that has upended gamers around the world (CVE-2025-59489) touches 30 Microsoft games — though not Xbox consoles, Xbox Cloud Gaming, iOS, or the HoloLens.

Continuing the list of advisories, a Github-reported bug in Mermaid Diagram Tool affecting Visual Studio (CVE-2025-54132) could potentially be triggered either by a malicious attacker or an AI hallucination. Finally, eight CVEs affecting Azure, Entra, or various flavors of Copilot – all Critical-severity issues involved either elevation of privilege or spoofing – are announced as already patched, though little information about them was made available. We have included titles and CVEs for all of the advisory items in Appendix D.

We are as always including at the end of this post additional appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family. Appendix E provides a breakout of the patches affecting the various Windows Server platforms still in support. This month, we also include a roundup of patches affecting the products leaving support this month, including Windows 10, Office 2016 and 2019, Exchange Server 2016 and 2019, and Visio 2016 and 2019. That information can be found in Appendix F.

By the numbers

Total CVEs: 170

Publicly disclosed: 2

Exploit detected: 3

Severity Critical: 8 Important: 161 Moderate: 1

Impact Denial of Service: 11 Elevation of Privilege: 79 Information Disclosure: 26 Remote Code Execution: 31 Security Feature Bypass: 11 Spoofing: 11 Tampering: 1

CVSS Base score 9.0 or higher: 3

CVSS Base score 8.0 or greater: 15

Figure 1: The sheer volume of the October release is remarkable, but there are just six Critical-severity issues – four Remote Code Execution, two Elevation of Privilege

Products

Windows: 132

365: 16

Office: 16

Excel: 7

Azure: 6

SharePoint: 6

Exchange: 3

Configuration Manager: 2

.NET: 2

Word: 2

Access: 1

ASP.NET: 1

Defender for Linux: 1

Dynamics 365: 1

microsoft/playwright: 1

PowerPoint: 1

PowerShell: 1

SQL: 1

Visio: 1

Visual Studio: 1

Xbox Gaming System: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. We note, by the way, that CVE names don’t always reflect affected product families closely. In particular, some CVEs names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.

Figure 2: If only Windows CVEs were being released this month and nothing else, it would still be the fourth-largest Patch Tuesday in modern history

Notable October updates

In addition to the issues discussed above, a variety of specific items merit attention.

CVE-2025-24052 — Windows Agere Modem Driver Elevation of Privilege Vulnerability

CVE-2025-24990 — Windows Agere Modem Driver Elevation of Privilege Vulnerability

CVE-2025-47979 — Microsoft Failover Cluster Information Disclosure Vulnerability

CVE-2025-53717 — Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

This quartet of Important-severity issues all require a bit of extra effort from administrators, and they reward (?) those who diligently keep their systems up to date year after year. The two modem-driver issues – one is already under active exploit, and the other has been publicly disclosed – affect only the specific Agere Modem driver (ltmdm64.sys), which ships natively in Windows, but the issue itself can be exploited via this vulnerability, even if your systems don’t use that soft-modem driver at all. Microsoft is deleting that driver from all versions of Windows as of this month’s updates, putting a quiet, strange end to tech that was cutting-edge (complete with a high-profile patent lawsuit) a generation ago. Meanwhile, Microsoft’s guidance on the Failover Cluster issue indicates that just patching might not be enough; just in case any sensitive information remains residual in system logs, the company advises administrators change their passwords. Finally, patching the VBS issue necessitated changes to various Virtual Secure Mode components; if you previously deployed the relevant policy a number of months ago, Microsoft has guidance for redeploying using the new policy.

CVE-2025-55340 – Windows Remote Desktop Protocol Security Feature Bypass

CVE-2025-59294 — Windows Taskbar Live Preview Information Disclosure Vulnerability

In a month in which the sheer volume of patches is nearly overwhelming, it can be refreshing to look into issues that hint at great ingenuity to find, replicate, and patch. The Important-severity RDP bug could have been far worse, except for the acrobatics necessary to trigger it: 1) The attacker must have access to a user’s machine; 2) the user must initiate an RDP session, and 3) the attack must be carried out within a certain amount of time from the initiation of the RDP session. Meanwhile, in CVE-2025-39294, exploiting the Important-severity Taskbar Live bug would require an attacker to 1) physically get their hands on a machine after its user has 2) hovered over a taskbar preview and then 3) immediately locked the screen or put the device to sleep. Not a bug that’s likely to see widespread abuse, and its CVSS Base score of 2.1 (!) reflects that, but it’s fascinating to think that it was discovered, re-created by the finders and again in Microsoft’s testing facilities, and ultimately fixed.

CVE-2025-53139 — Windows Hello Security Feature Bypass Vulnerability

There’s not a lot of information available on this Important-severity security feature bypass issue in Microsoft biometric authentication tool, but the note that the problem involves “cleartext transmission of sensitive information” by the tool is enough to inspire priority patching… and perhaps a fresh appreciation of something-you-know authentication options.

CVE-2025-58726 — Windows SMB Server Elevation of Privilege Vulnerability

If receiving over fourteen dozen patches in October has you feeling more tricked than treated, perhaps a Halloween ghost story is in order? This Important-severity elevation of privilege issue in SMB Server requires than an SPN (Service Principal Name) that is registered to an account that no longer exists, or is not in use, be available on the target machine. It’s even spookier when you remember that SPNs are of course used in Kerberos authentication… Kerberos, named for the three-headed canine guardian of the underworld. And if that’s not scary enough for you, three of this month’s other patches (CVE-2025-58379, CVE-2025-59208, CVE-2025-59295) invoke Internet Explorer, surely one of Microsoft’s most persistent poltergeists. Boo!

Figure 3: Microsoft has released patches for 1,023 CVEs in the course of the year’s ten Patch Tuesdays so far. Meanwhile, this is Tampering’s fourth appearance in the 2025 tallies

Sophos protections

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of October patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Elevation of Privilege (79 CVEs)

Critical severity CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability Important severity CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability CVE-2025-47989 Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-50152 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-50174 Windows Device Association Broker Service Elevation of Privilege Vulnerability CVE-2025-50175 Windows Digital Media Elevation of Privilege Vulnerability CVE-2025-53150 Windows Digital Media Elevation of Privilege Vulnerability CVE-2025-53717 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability CVE-2025-53768 Xbox IStorageService Elevation of Privilege Vulnerability CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability CVE-2025-55247 .NET Elevation of Privilege Vulnerability CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability CVE-2025-55328 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-55331 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55335 Windows NTFS Elevation of Privilege Vulnerability CVE-2025-55339 Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability CVE-2025-55678 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2025-55684 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55685 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55686 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55687 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability CVE-2025-55688 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55689 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55690 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability CVE-2025-55701 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-58714 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2025-58719 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-58724 Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability CVE-2025-58727 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-58728 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59189 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-59191 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-59192 Storport.sys Driver Elevation of Privilege Vulnerability CVE-2025-59193 Windows Management Services Elevation of Privilege Vulnerability CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59196 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability CVE-2025-59201 Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability CVE-2025-59205 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability CVE-2025-59207 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2025-59241 Windows Health and Optimized Experiences Elevation of Privilege Vulnerability CVE-2025-59242 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2025-59254 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-59255 Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2025-59261 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-59275 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59277 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59278 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability CVE-2025-59289 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-59290 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-59494 Azure Monitor Agent Elevation of Privilege Vulnerability

Remote Code Execution (31 CVEs)

Critical severity CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability CVE-2025-49708 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Important severity CVE-2025-55326 Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-58730 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58731 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58733 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58735 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58736 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability

Information Disclosure (26 CVEs)

Important severity CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability CVE-2025-55336 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability CVE-2025-55679 Windows Kernel Information Disclosure Vulnerability CVE-2025-55683 Windows Kernel Information Disclosure Vulnerability CVE-2025-55695 Windows WLAN AutoConfig Service Information Disclosure Vulnerability CVE-2025-55699 Windows Kernel Information Disclosure Vulnerability CVE-2025-55700 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-58717 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-58720 Windows Cryptographic Services Information Disclosure Vulnerability CVE-2025-59184 Storage Spaces Direct Information Disclosure Vulnerability CVE-2025-59186 Windows Kernel Information Disclosure Vulnerability CVE-2025-59188 Microsoft Failover Cluster Information Disclosure Vulnerability CVE-2025-59197 Windows ETL Channel Information Disclosure Vulnerability CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability CVE-2025-59204 Windows Management Services Information Disclosure Vulnerability CVE-2025-59209 Windows Push Notification Core Information Disclosure Vulnerability CVE-2025-59211 Windows Push Notification Core Information Disclosure Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59258 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability CVE-2025-59260 Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability CVE-2025-59294 Windows Taskbar Live Preview Information Disclosure Vulnerability

Denial of Service (11 CVEs)

Important severity CVE-2025-55698 DirectX Graphics Kernel Denial of Service Vulnerability CVE-2025-58729 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-59190 Windows Search Service Denial of Service Vulnerability CVE-2025-59195 Microsoft Graphics Component Denial of Service Vulnerability CVE-2025-59198 Windows Search Service Denial of Service Vulnerability CVE-2025-59208 Windows MapUrlToZone Information Disclosure Vulnerability CVE-2025-59229 Microsoft Office Denial of Service Vulnerability CVE-2025-59253 Windows Search Service Denial of Service Vulnerability CVE-2025-59257 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-59259 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-59497 Microsoft Defender for Linux Denial of Service Vulnerability

Security Feature Bypass (11 CVEs)

Important severity CVE-2025-47827 MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability CVE-2025-55330 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55332 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55333 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55334 Windows Kernel Security Feature Bypass Vulnerability CVE-2025-55337 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55338 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass CVE-2025-55682 Windows BitLocker Security Feature Bypass Vulnerability

Spoofing (11 CVEs)

Important severity CVE-2025-48813 Windows Confidential Virtual Machines Spoofing Vulnerability CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-59185 NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-59200 Data Sharing Service Spoofing Vulnerability CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-59217 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability CVE-2025-59244 NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability CVE-2025-59284 Windows NTLM Spoofing Vulnerability Moderate severity CVE-2025-59288 Playwright Spoofing Vulnerability

Tampering (1 CVE)

Important severity CVE-2025-59280 Windows SMB Client Tampering Vulnerability

Appendix B: Exploitability and CVSS

This is a list of the October CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

Exploitation more likely within the next 30 days CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability

The CVEs listed below were known to be under active exploit prior to the release of this month’s patches.

CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-47827 MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11 CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

These are the October CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema.

CVSS Base CVSS Temporal CVE Title 9.9 8.6 CVE-2025-49708 Windows Graphics Component Remote Code Execution Vulnerability 9.9 8.6 CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability 9.8 8.5 CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability 8.8 7.7 CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability 8.8 7.7 CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability 8.4 7.3 CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability 8.4 7.3 CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability 8.2 7.1 CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability 8.2 7.1 CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability 8.1 7.1 CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability

Appendix C: Products Affected

This is a list of October’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain significant issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

Windows (132 CVEs)

Critical severity CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability CVE-2025-49708 Windows Graphics Component Remote Code Execution Vulnerability CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability Important severity CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-48813 Windows Confidential Virtual Machines Spoofing Vulnerability CVE-2025-50152 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-50174 Windows Device Association Broker Service Elevation of Privilege Vulnerability CVE-2025-50175 Windows Digital Media Elevation of Privilege Vulnerability CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability CVE-2025-53150 Windows Digital Media Elevation of Privilege Vulnerability CVE-2025-53717 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability CVE-2025-53768 Xbox IStorageService Elevation of Privilege Vulnerability CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability CVE-2025-55326 Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability CVE-2025-55328 Windows Hyper-V Elevation of Privilege Vulnerability CVE-2025-55330 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55331 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55332 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55333 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55334 Windows Kernel Security Feature Bypass Vulnerability CVE-2025-55335 Windows NTFS Elevation of Privilege Vulnerability CVE-2025-55336 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability CVE-2025-55337 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55338 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55339 Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability CVE-2025-55678 DirectX Graphics Kernel Elevation of Privilege Vulnerability CVE-2025-55679 Windows Kernel Information Disclosure Vulnerability CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability CVE-2025-55682 Windows BitLocker Security Feature Bypass Vulnerability CVE-2025-55683 Windows Kernel Information Disclosure Vulnerability CVE-2025-55684 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55685 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55686 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55687 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability CVE-2025-55688 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55689 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55690 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability CVE-2025-55695 Windows WLAN AutoConfig Service Information Disclosure Vulnerability CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability CVE-2025-55698 DirectX Graphics Kernel Denial of Service Vulnerability CVE-2025-55699 Windows Kernel Information Disclosure Vulnerability CVE-2025-55700 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-55701 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-58714 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability CVE-2025-58717 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-58719 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-58720 Windows Cryptographic Services Information Disclosure Vulnerability CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability CVE-2025-58727 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-58728 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-58729 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-58730 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58731 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58733 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58735 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58736 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-59184 Storage Spaces Direct Information Disclosure Vulnerability CVE-2025-59185 NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-59186 Windows Kernel Information Disclosure Vulnerability CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59188 Microsoft Failover Cluster Information Disclosure Vulnerability CVE-2025-59189 Microsoft Brokering File System Elevation of Privilege Vulnerability CVE-2025-59190 Windows Search Service Denial of Service Vulnerability CVE-2025-59191 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability CVE-2025-59192 Storport.sys Driver Elevation of Privilege Vulnerability CVE-2025-59193 Windows Management Services Elevation of Privilege Vulnerability CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59195 Microsoft Graphics Component Denial of Service Vulnerability CVE-2025-59196 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability CVE-2025-59197 Windows ETL Channel Information Disclosure Vulnerability CVE-2025-59198 Windows Search Service Denial of Service Vulnerability CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability CVE-2025-59200 Data Sharing Service Spoofing Vulnerability CVE-2025-59201 Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability CVE-2025-59204 Windows Management Services Information Disclosure Vulnerability CVE-2025-59205 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability CVE-2025-59207 Windows Kernel Elevation of Privilege Vulnerability CVE-2025-59208 Windows MapUrlToZone Information Disclosure Vulnerability CVE-2025-59209 Windows Push Notification Core Information Disclosure Vulnerability CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability CVE-2025-59211 Windows Push Notification Core Information Disclosure Vulnerability CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability CVE-2025-59241 Windows Health and Optimized Experiences Elevation of Privilege Vulnerability CVE-2025-59242 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2025-59244 NTLM Hash Disclosure Spoofing Vulnerability CVE-2025-59253 Windows Search Service Denial of Service Vulnerability CVE-2025-59254 Microsoft DWM Core Library Elevation of Privilege Vulnerability CVE-2025-59255 Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2025-59257 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-59258 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability CVE-2025-59259 Windows Local Session Manager (LSM) Denial of Service Vulnerability CVE-2025-59260 Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability CVE-2025-59261 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2025-59275 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59277 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59278 Windows Authentication Elevation of Privilege Vulnerability CVE-2025-59280 Windows SMB Client Tampering Vulnerability CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability CVE-2025-59284 Windows NTLM Spoofing Vulnerability CVE-2025-59289 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-59290 Windows Bluetooth Service Elevation of Privilege Vulnerability CVE-2025-59294 Windows Taskbar Live Preview Information Disclosure Vulnerability CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability

365 (16 CVEs)

Critical severity CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability Important severity CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-59229 Microsoft Office Denial of Service Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability

Office (16 CVEs)

Critical severity CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability Important severity CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-59229 Microsoft Office Denial of Service Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability

Excel (7 CVEs)

Important severity CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability

Azure (6 CVEs)

Critical severity CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability Important severity CVE-2025-47989 Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-58724 Arc Enabled Servers – Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability CVE-2025-59494 Azure Monitor Agent Elevation of Privilege Vulnerability

SharePoint (6 CVEs)

Important severity CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability

Exchange (3 CVEs)

Important severity CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability

Configuration Manager (2 CVEs)

Important severity CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability

.NET (2 CVEs)

Important severity CVE-2025-55247 .NET Elevation of Privilege Vulnerability CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Visual Studio (2 CVEs)

Important severity CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability

Word (2 CVEs)

Important severity CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability

Access (1 CVE)

Important severity CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability

ASP.NET (1 CVE)

Important severity CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability

Defender for Linux (1 CVE)

Important severity CVE-2025-59497 Microsoft Defender for Linux Denial of Service Vulnerability

Dynamics 365 (1 CVE)

Important severity CVE-2025-59217 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

microsoft/playwright (1 CVE)

Important severity CVE-2025-59288 Playwright Spoofing Vulnerability

PowerPoint (1 CVE)

Important severity CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability

PowerShell (1 CVE)

Important severity CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability

SQL (1 CVE)

Important severity CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability

Visio (1 CVE)

Important severity CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability

Xbox (1 CVE)

Important severity CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability

Appendix D: Advisories and Other Products

There are 14 Edge-related advisories in October’s release, all of which originated with Chrome.

CVE-2025-11205 Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU CVE-2025-11206 Chromium: CVE-2025-11206 Heap buffer overflow in Video CVE-2025-11207 Chromium: CVE-2025-11207 Side-channel information leakage in Storage CVE-2025-11208 Chromium: CVE-2025-11208 Inappropriate implementation in Media CVE-2025-11209 Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox CVE-2025-11210 Chromium: CVE-2025-11210 Side-channel information leakage in Tab CVE-2025-11211 Chromium: CVE-2025-11211 Out of bounds read in Media CVE-2025-11212 Chromium: CVE-2025-11212 Inappropriate implementation in Media CVE-2025-11213 Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox CVE-2025-11215 Chromium: CVE-2025-11215 Off by one error in V8 CVE-2025-11216 Chromium: CVE-2025-11216 Inappropriate implementation in Storage CVE-2025-11219 Chromium: CVE-2025-11219 Use after free in V8 CVE-2025-11458 Chromium: CVE-2025-11458 Heap buffer overflow in Sync CVE-2025-11460 Chromium: CVE-2025-11460 Use after free in Storage

This month also includes the periodic Servicing Stack Updates, ADV990001.

Three issues in this month’s release were brought to Microsoft’s attention by external entities and merit advisory information. The Dolby issue is known to be under active exploit in the wild.

CVE-2025-54132 GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool CVE-2025-54957 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability

Finally, Microsoft announced that eight more Critical-severity issues, affecting Azure, Entra, and Copilot, were patched prior to the Tuesday release:

CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability CVE-2025-59252 M365 Copilot Spoofing Vulnerability CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability CVE-2025-59272 Copilot Spoofing Vulnerability CVE-2025-59286 Copilot Spoofing Vulnerability

Appendix E: Affected Windows Server versions

This is a table of the 129 CVEs in the October release affecting Windows Server versions 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (eg., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft.

For October, we have included in the chart the Windows Server information for CVE-2025-55248, which is a .NET / Visual Studio patch. The issue affects various versions of the .NET Framework, which in turn involves specific versions of Windows Server. We have marked this specific row in green. We encourage anyone who believes they are directly affected by this patch to consult Microsoft’s information on the CVE to determine specific exposure. (We did not count this CVE in the October total for Windows.)

CVE S-08 8r2 S-12 12r2 S-16 S-19 S-22 23h2 S-25 CVE-2016-9535 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-24052 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-24990 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-25004 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-47979 × × × × × × × ■ ■ CVE-2025-48004 × × × × × × × ■ ■ CVE-2025-48813 × × × × × ■ ■ ■ ■ CVE-2025-49708 × × × × × ■ ■ ■ ■ CVE-2025-50152 × × × × ■ ■ ■ ■ ■ CVE-2025-50174 × × × × × × × × ■ CVE-2025-50175 × × × × × ■ ■ ■ ■ CVE-2025-53139 × × × × × × × × ■ CVE-2025-53150 × × × × × ■ × ■ ■ CVE-2025-55248 ■ ■ ■ ■ ■ ■ ■ ■ × CVE-2025-55325 × × × × ■ ■ ■ ■ ■ CVE-2025-55326 × × × × × ■ ■ ■ ■ CVE-2025-55328 × × × × ■ ■ ■ ■ ■ CVE-2025-55330 × × × × × × × ■ ■ CVE-2025-55331 × × × × × × ■ ■ ■ CVE-2025-55332 × × × × × ■ ■ ■ ■ CVE-2025-55333 × × × × ■ ■ ■ ■ ■ CVE-2025-55335 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-55336 × × × × × ■ ■ ■ ■ CVE-2025-55337 × × × × × × × × ■ CVE-2025-55338 × × × × ■ ■ ■ ■ ■ CVE-2025-55339 × × × × × × ■ ■ ■ CVE-2025-55340 × × × × × × ■ ■ ■ CVE-2025-55676 × × × × × × × × ■ CVE-2025-55677 × × × × × × × × ■ CVE-2025-55678 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-55679 × × × × × ■ ■ ■ ■ CVE-2025-55680 × × × × × ■ ■ ■ ■ CVE-2025-55681 × × × × × ■ ■ ■ ■ CVE-2025-55682 × × × × × × × × ■ CVE-2025-55683 × × × × ■ ■ ■ ■ ■ CVE-2025-55684 × × × × × × × × ■ CVE-2025-55685 × × × × × × ■ ■ ■ CVE-2025-55686 × × × × × × ■ ■ ■ CVE-2025-55687 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-55688 × × × × × × × × ■ CVE-2025-55689 × × × × × × ■ ■ ■ CVE-2025-55690 × × × × × × × × ■ CVE-2025-55691 × × × × × × × × ■ CVE-2025-55692 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-55693 × × × × × × × × ■ CVE-2025-55694 × × × × × × × × ■ CVE-2025-55695 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-55696 × × × × × ■ ■ ■ ■ CVE-2025-55697 × × × × × × × ■ ■ CVE-2025-55698 × × × × × × × × ■ CVE-2025-55699 × × × × ■ ■ ■ ■ ■ CVE-2025-55700 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-55701 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58714 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58715 × × × × ■ ■ ■ ■ ■ CVE-2025-58716 × × × × ■ ■ ■ ■ ■ CVE-2025-58717 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58718 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58719 × × × × ■ ■ ■ ■ ■ CVE-2025-58720 × × × × × ■ ■ ■ ■ CVE-2025-58722 × × × × ■ ■ ■ ■ ■ CVE-2025-58725 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58726 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58727 × × × × × × × ■ ■ CVE-2025-58728 × × × × × ■ × ■ ■ CVE-2025-58729 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58730 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58731 × × × × × × ■ ■ ■ CVE-2025-58732 × ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58733 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58734 × × × × ■ ■ ■ ■ ■ CVE-2025-58735 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58736 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-58737 × × × ■ ■ ■ ■ ■ ■ CVE-2025-58738 × × × × × ■ ■ ■ ■ CVE-2025-58739 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59184 × × × × ■ ■ ■ ■ ■ CVE-2025-59185 × × × ■ ■ ■ ■ ■ ■ CVE-2025-59186 × × × × ■ ■ ■ ■ ■ CVE-2025-59187 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59188 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59189 × × × × × × × × ■ CVE-2025-59190 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59191 × × × × × ■ ■ ■ ■ CVE-2025-59192 × × × × ■ ■ ■ ■ ■ CVE-2025-59193 × × × × × ■ ■ ■ ■ CVE-2025-59194 × × × × × × × ■ ■ CVE-2025-59195 × × × × × ■ ■ ■ ■ CVE-2025-59196 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59197 × × × × ■ ■ ■ ■ ■ CVE-2025-59198 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59199 × × × × × ■ ■ ■ ■ CVE-2025-59200 × × × × ■ ■ ■ ■ ■ CVE-2025-59201 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59202 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59203 × × × × ■ ■ ■ ■ ■ CVE-2025-59204 × × × × × ■ ■ ■ ■ CVE-2025-59205 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59206 × × × × × × × × ■ CVE-2025-59207 × × × × × ■ ■ ■ ■ CVE-2025-59208 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59209 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59210 × × × × × × × × ■ CVE-2025-59211 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59214 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59230 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59242 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59244 × × × ■ ■ ■ ■ ■ ■ CVE-2025-59253 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59254 × × × × ■ ■ ■ ■ ■ CVE-2025-59255 × × × × × ■ ■ ■ ■ CVE-2025-59257 × × × × × × × ■ ■ CVE-2025-59258 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59259 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59260 × × × × ■ ■ ■ ■ ■ CVE-2025-59261 × × × × × × ■ ■ ■ CVE-2025-59275 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59277 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59278 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59280 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59282 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-59284 × × × × × × × × ■ CVE-2025-59287 × × ■ ■ ■ ■ ■ ■ ■ CVE-2025-59289 × × × × × × ■ ■ ■ CVE-2025-59290 × × × × × × ■ ■ ■ CVE-2025-59294 × × × ■ ■ ■ ■ ■ ■ CVE-2025-59295 ■ ■ ■ ■ ■ ■ ■ ■ ■ CVE-2025-2884 × × × × × × × ■ ■ CVE-2025-47827 × × ■ ■ ■ ■ ■ ■ ■

Appendix F: Patches for products ending support in October 2025

The following tables list CVEs affecting products for which Microsoft is concluding support this month. Red indicates a Critical-severity issue.

Officially, this means that those products will no longer receive security updates, non-security updates, bug fixes, or technical support. History shows us that sometimes an issue is so significant as to cause a patch to be released for an end-of-life product, but by no means should users count on that happening with these products.

As a reminder, the specific versions of Windows 10 for which support is being withdrawn this month are:

Windows 10 Enterprise & Education

Windows 10 Enterprise LTSB 2015

Windows 10 Home & Pro

Windows 10 IoT Enterprise

Windows 10 Team (Surface Hub)

For more information on the graduating class of October 2025, please see Microsoft’s information page.

Access 2016 CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability Excel 2016 CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability Exchange Server 2016 CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability Exchange Server 2019 CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability Office 2016 CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability Office 2019 CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability PowerPoint 2016 CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability Visio 2016 CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability Word 2016 CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability

For Windows 10, 96 farewell patches. The CVE noted in green is CVE-2025-55248, as explained in Appendix E: