Patch Tuesday, October 2025 ‘End of 10’ Edition – Krebs on Security

This page was created programmatically. To read the article in its original location, go to the link below:
https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/
If you want to remove this article from our site, please contact us.


Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options.

The first zero-day bug addressed this month (CVE-2025-24990) involves a third-party modem driver called Agere Modem that’s been bundled with Windows for the past 20 years. Microsoft responded to active attacks on this flaw by completely removing the vulnerable driver from Windows.

The other zero-day is CVE-2025-59230, an elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks.

“While RasMan is a frequent flyer on Patch Tuesday, appearing more than 20 times since January 2022, this is the first time we’ve seen it exploited in the wild as a zero day,” said Satnam Narang, senior staff research engineer at Tenable.

Narang notes that Microsoft Office users should also take note of CVE-2025-59227 and CVE-2025-59234, a pair of remote code execution bugs that take advantage of “Preview Pane,” meaning that the target doesn’t even need to open the file for exploitation to occur. To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.

Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform. Users who are uncomfortable saving all of their documents to Microsoft’s cloud can change this in Word’s settings; ZDNet has a useful how-to on disabling this feature.

Kev Breen, senior director of threat research at Immersive, called attention to CVE-2025-59287, a critical remote code execution bug in the Windows Server Update Service (WSUS) — the very same Windows service responsible for downloading security patches for Windows Server versions. Microsoft says there are no signs this weakness is being exploited yet. But with a threat score of 9.8 out of a possible 10 and marked “exploitation more likely,” CVE-2025-59287 can be exploited without authentication and is a straightforward “patch now” candidate.

“Microsoft provides limited information, stating that an unauthenticated attacker with network access can send untrusted data to the WSUS server, resulting in deserialization and code execution,” Breen wrote. “As WSUS is a trusted Windows service that is designed to update privileged files across the file system, an attacker would have free rein over the operating system and could potentially bypass some EDR detections that ignore or exclude the WSUS service.”

For more on other fixes from Redmond today, check out the SANS Internet Storm Center monthly roundup, which indexes all of the updates by severity and urgency.

Windows 10 isn’t the only Microsoft OS that’s reaching end-of-life today; Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are some of the other products that Microsoft is sunsetting today.

If you’re running any Windows 10 systems, you’ve probably already determined whether your PC meets the technical hardware specs recommended for the Windows 11 OS. If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.

One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU) program. The cost is just $30 if you don’t have a Microsoft account, and apparently free if you register the PC to a Microsoft account. This video breakdown from Ask Your Computer Guy does a good job of walking Windows 10 users through this process. Microsoft emphasizes that ESU enrollment does not provide other types of fixes, feature improvements or product enhancements. It also does not come with technical support.

If your Windows 10 system is associated with a Microsoft account and signed in when you visit Windows Update, you should see an option to enroll in extended updates. Image:

Windows 10 users also have the option of installing some flavor of Linux instead. Anyone seriously considering this option should check out the website endof10.org, which includes a plethora of tips and a DIY installation guide.

Linux Mint is a great option for Linux newbies. Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.

Linux Mint is also likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fuss at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.

If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.

And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.

As ever, if you experience any difficulties during or after applying this month’s batch of patches, please leave a note about it in the comments below.

