Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched

Microsoft rolled out its October 2025 Patch Tuesday updates, addressing a staggering 172 vulnerabilities across its ecosystem, including four zero-day flaws, of which two are actively exploited in the wild.

This monthly security bulletin underscores the relentless pace of threat evolution, with critical remote code execution bugs in Office apps and elevation of privilege issues in Windows components dominating the fixes.

As organizations grapple with end-of-support deadlines for legacy systems like Windows 10, timely patching remains essential to mitigate risks from state-sponsored actors and cybercriminals.

The updates target a broad array of products, from core Windows operating systems to Azure cloud services and the Microsoft Office suite.

Among the highlights, Microsoft patched CVE-2025-59234 and CVE-2025-59236, both use-after-free vulnerabilities in Microsoft Office and Excel that enable remote code execution when users open malicious files.

These flaws, rated critical with CVSS scores around 7.8, require no authentication and could allow attackers to gain full system control, potentially leading to data theft or ransomware deployment.

Similarly, CVE-2025-49708 in the Microsoft Graphics Component exposes systems to privilege escalation over networks, exploiting memory corruption to bypass security boundaries.

Critical Vulnerabilities Patched

Several critical entries demand immediate attention due to their potential for widespread exploitation.

For instance, CVE-2025-59291 and CVE-2025-59292 involve external control of file paths in Azure Container Instances and Compute Gallery, allowing authorized attackers to escalate privileges locally and potentially compromise cloud workloads.

These elevation of privilege bugs, also critical, highlight ongoing risks in hybrid environments where misconfigurations amplify impact.

Another vulnerability is CVE-2016-9535, a long-standing LibTIFF heap buffer overflow re-addressed in this cycle, which could trigger remote code execution in image-processing scenarios, affecting legacy apps still in use.

The zero-days add urgency: CVE-2025-2884, an out-of-bounds read in TCG TPM2.0 reference implementation, stems from inadequate validation in cryptographic signing functions, leading to information disclosure. Publicly known via CERT/CC, it affects trusted platform modules integral to secure boot processes.

Meanwhile, CVE-2025-47827 enables Secure Boot bypass in IGEL OS versions before 11 through improper signature verification, allowing crafted root filesystems to mount unverified images as a vector for persistent malware.

CVE-2025-59230, another exploited flaw in Windows Remote Access Connection Manager, involves improper access controls for local privilege escalation.

Here is a list of Common Vulnerabilities and Exposures (CVEs). This list includes details about each vulnerability, its type, and its severity.