Microsoft's October Patch Tuesday, released on 2025-10-14, addressed 167 vulnerabilities across multiple platforms, marking the highest count this year, and included seven critical bugs that demand immediate attention.
Key Vulnerabilities Addressed
The update includes a significant remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS), which carries a CVSSv3 score of 9.8. This flaw allows attackers to execute unauthorized code, threatening managed endpoints. Similarly, two RCE vulnerabilities in Microsoft Office can be exploited when a user simply previews a malicious email attachment, posing a serious threat via social engineering tactics.
- Microsoft patched two critical RCEs in Office relating to document preview.
- Vulnerabilities in the Agere Modem driver, which supports legacy hardware, are being actively exploited.
- RasMan zero-day and AMD Secure Processor vulnerabilities highlight risks in privilege escalation and memory integrity, respectively.
Legacy System Adjustments
Microsoft is taking action against outdated technology. It will remove the legacy ltmdm64.sys Agere Modem driver from Windows, rendering systems that still use this hardware nonfunctional post-update. This is part of a broader move as support ends for older Windows 10 releases, and users are urged to enroll in extended security update programs.
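The following PowerShell inventory is an added example, not code from Microsoft or from the original article. It reports whether a host still has a kernel driver service backed by ltmdm64.sys, or any modem-class devices installed, so that dependent machines can be identified before the update is deployed. The function name and output fields are hypothetical, and remote hosts are assumed to be reachable over WinRM.

```powershell
# Added example: find hosts that still depend on the Agere modem driver.
# Only the file name ltmdm64.sys comes from the article; the function name
# and output fields are hypothetical.
function Get-AgereModemDriverUsage {
    [CmdletBinding()]
    param(
        # Hosts to check; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        $cim = @{ ErrorAction = 'Stop' }
        # Query the local machine directly; use CIM remoting for other hosts.
        if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }

        try {
            # Kernel driver services whose image path ends in ltmdm64.sys.
            $services = @(Get-CimInstance -ClassName Win32_SystemDriver @cim |
                Where-Object { $_.PathName -like '*\ltmdm64.sys' })

            # Modem-class devices, listed so an owner can confirm what is attached.
            $modems = @(Get-CimInstance -ClassName Win32_PnPEntity `
                -Filter "PNPClass = 'Modem'" @cim)

            [pscustomobject]@{
                ComputerName     = $computer
                DriverRegistered = $services.Count -gt 0
                DriverRunning    = @($services | Where-Object State -eq 'Running').Count -gt 0
                DriverService    = ($services.Name -join ', ')
                ModemDevices     = ($modems.Name -join '; ')
                Error            = $null
            }
        }
        catch {
            # Report unreachable hosts instead of silently skipping them.
            [pscustomobject]@{
                ComputerName     = $computer
                DriverRegistered = $null
                DriverRunning    = $null
                DriverService    = $null
                ModemDevices     = $null
                Error            = $_.Exception.Message
            }
        }
    }
}

# Usage: list only the hosts where the driver is registered.
Get-AgereModemDriverUsage | Where-Object DriverRegistered | Format-Table -AutoSize
```

Hosts that return an error have not been checked and should be followed up rather than treated as unaffected.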
Focus on Security Improvements
Security fixes extend beyond Microsoft: SAP released various notes addressing vulnerabilities in its systems, such as a critical fix in NetWeaver AS Java with a CVSS score of 10.0. SAP's updates concentrate on protecting against potential security breaches in internet-facing and kernel-level components.
- Microsoft ended support for older Windows 10 versions, affecting unpatched systems.
- SAP updates target internet-facing service vulnerabilities.