Microsoft's October 2025 Patch Tuesday update for Windows 11 resolves 175 security vulnerabilities. Notably, it includes fixes for two zero-day elevation-of-privilege flaws that were actively exploited in the wild.
Security Flaws Addressed
The update targets two significant zero-day vulnerabilities. The first involves the legacy ltmdm64.sys driver, which has been entirely removed due to security risks that allowed attackers to gain administrative privileges. The second, tracked as CVE-2025-59230, affects the Remote Access Connection Manager and enables local privilege escalation to SYSTEM.
Microsoft credits the discovery of these vulnerabilities to MSTIC (Microsoft Threat Intelligence Center), MSRC (Microsoft Security Response Center), and external security researchers.
Critical Vulnerabilities Patched
- CVE-2025-59246: Affects Azure Entra ID, allowing remote code execution without user interaction (CVSS 9.8).
- CVE-2025-55315: Impacts ASP.NET Core, risking confidentiality and integrity in multi-tenant environments (CVSS 9.9).
- CVE-2025-49708: Concerns the Microsoft Graphics Component, which could lead to full system compromise (CVSS 9.9).
- CVE-2025-59287: Remote code execution in Windows Server Update Services (CVSS 9.8).
- CVE-2025-59228: SharePoint pre-authentication RCE (CVSS 8.8).
The cumulative update also addresses usability issues, such as fixing a print preview hang in Chromium-based browsers and correcting input detection failures for gamepads.
Release and Recommendations
Windows 11 versions 24H2 and 25H2 have been updated to OS builds 26200.6899 and 26100.6899, respectively. The October update package includes changes from KB5065789 and fixes various system reliability problems.
Microsoft advises administrators to be vigilant about Secure Boot certificate expirations due in June 2026 and recommends actions from the associated remediation guidance to avoid potential boot failures.
Users can install this update by opening the Settings app, navigating to Windows Update, checking for updates, and selecting 'Install all.' A system restart is required, and a data backup is recommended prior to the update.
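
After the restart, the update can be verified on the host. The PowerShell below is an added example, not Microsoft's tooling or part of the original article: it compares the running OS build against the builds cited above and checks whether the removed ltmdm64.sys driver is still on disk. The driver path (the standard `System32\drivers` directory) and the function name `Get-PatchState` are assumptions made for the example.

```powershell
# Added example: post-update check for the October 2025 cumulative update.
# Build and revision numbers are the ones cited in the article.
# Assumption: the legacy driver, if present, sits in the standard driver directory.

$MinRevision = 6899              # revision cited in the article
$KnownBuilds = @(26100, 26200)   # Windows 11 builds cited in the article

function Get-PatchState {
    param(
        [int]$Build,
        [int]$Revision,
        [bool]$DriverPresent
    )
    # Only the two Windows 11 builds named in the article are in scope.
    $inScope = $KnownBuilds -contains $Build
    $current = $inScope -and ($Revision -ge $MinRevision)
    [pscustomobject]@{
        OSBuild           = "$Build.$Revision"
        BuildInScope      = $inScope
        RevisionCurrent   = $current
        LegacyDriverFound = $DriverPresent
        Compliant         = $current -and (-not $DriverPresent)
    }
}

# CurrentBuildNumber and UBR (update build revision) together form the
# "26100.6899"-style build string shown by winver.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'

$state = Get-PatchState -Build ([int]$cv.CurrentBuildNumber) `
                        -Revision ([int]$cv.UBR) `
                        -DriverPresent (Test-Path -LiteralPath $driverPath)
$state | Format-List

if (-not $state.Compliant) {
    Write-Warning "$env:COMPUTERNAME does not show the October 2025 update as fully applied."
    exit 1
}
```

The non-zero exit code lets a management tool or scheduled task flag hosts that missed the update or still carry the driver file.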