Patch Tuesday | October 2025

It’s Patch Tuesday! Every 2nd Tuesday of the month, Microsoft and other vendors release regularly scheduled security patches to address vulnerabilities. This month, Microsoft delivers patches for 176 vulnerabilities, including 1 previously disclosed, and two 0-days. We encourage MSPs to prioritize deployment to protect both their infrastructure and client environments from these high-risk vulnerabilities. 

Key Vulnerabilities Addressed 

CVE-2025-59287 – Windows Server Update Service (WSUS) Remote Code Execution Vulnerability 

Impact: Remote Code Execution 

Description: Unsafe deserialization of untrusted data in WSUS allows remote, unauthenticated attackers to execute arbitrary code over a network. Exploitation can occur via crafted events targeting legacy serialization mechanisms. 

Risk: CVSS score of 9.8 and marked “Exploitation More Likely” make this a top priority. 

MSP Relevance: Immediate patching recommended for all WSUS deployments. Review legacy serialization usage and consider isolating WSUS servers from untrusted networks. 

CVE-2025-49708 – Windows Graphics Component Remote Code Execution Vulnerability 

Impact: Remote Code Execution 

Description: A use-after-free vulnerability in Microsoft Graphics Component allows an attacker with guest VM access to compromise the host OS, potentially impacting other VMs. 

Risk: CVSS score of 9.9 and critical impact across virtualized environments. 

MSP Relevance: High priority for environments using virtualization. Patch immediately and review VM isolation strategies. 

CVE-2025-55315 – ASP.NET Security Feature Bypass Vulnerability 

Impact: Security Feature Bypass 

Description: HTTP request/response smuggling in ASP.NET Core allows authenticated attackers to bypass security controls, hijack credentials, and potentially crash servers. 

Risk: CVSS score of 9.9 and broad impact across confidentiality, integrity, and availability. 

MSP Relevance: Critical for web-hosting environments. Apply .NET updates and follow mitigation steps based on your runtime version (.NET 8 or 2.3). Recompile and redeploy as needed. 

CVE-2025-59236 – Microsoft Excel Remote Code Execution Vulnerability 

Impact: Remote Code Execution 

Description: A use-after-free vulnerability in Excel allows local attackers to execute arbitrary code via specially crafted applications. 

Risk: CVSS score of 8.4 and marked critical. 

MSP Relevance: Important for organizations with heavy Excel usage. Patch promptly and monitor for suspicious local activity. 

CVE-2025-59230 – Windows Remote Access Connection Manager Elevation of Privilege Vulnerability 

Impact: Elevation of Privilege 

Description: Improper access control allows local attackers to gain SYSTEM privileges. 

Risk: CVSS score of 7.8 and previous exploitation detected. 

MSP Relevance: Patch on all systems using Remote Access Connection Manager. Monitor for privilege escalation attempts. 

CVE-2025-24990 & CVE-2025-24052 – Windows Agere Modem Driver Elevation of Privilege Vulnerability 

Impact: Elevation of Privilege 

Description: Vulnerabilities in the Agere Modem driver (ltmdm64.sys) allow attackers to gain administrator privileges. Microsoft has removed the driver in the October update. 

Risk: CVSS score of 7.8, previously disclosed and exploited. 

MSP Relevance: High priority for legacy hardware environments. Remove dependencies on fax modem hardware using this driver. 

CVE-2025-59246 & CVE-2025-59218 – Azure Entra ID Elevation of Privilege Vulnerabilities 

Impact: Elevation of Privilege 

Description: Critical vulnerabilities in Azure Entra ID have been fully mitigated by Microsoft. 

Risk: CVSS scores of 9.8 and 9.6 respectively. 

MSP Relevance: No action required, but transparency is appreciated. Continue monitoring Azure Entra ID advisories. 

What This Means for MSPs 

This month’s Patch Tuesday includes 176 CVEs, with 2 actively exploited zero-days and 1 publicly disclosed vulnerability. Several critical vulnerabilities pose significant risks to MSP-managed environments, especially those involving remote code execution, privilege escalation, and security bypasses. 

Recommended MSP Actions: 

Prioritize patching for: 

• WSUS (CVE-2025-59287) – critical RCE with network exposure. 

• Windows Graphics Component (CVE-2025-49708) – hypervisor escape risk. 

• ASP.NET Core (CVE-2025-55315) – HTTP smuggling and credential hijacking. 

• Microsoft Excel (CVE-2025-59236) – local RCE via crafted applications. 

• Remote Access Connection Manager (CVE-2025-59230) – SYSTEM-level privilege escalation. 

Audit and remove dependencies on legacy hardware: 

• Agere Modem Driver (CVE-2025-24990 & CVE-2025-24052) – driver removed; fax modem functionality deprecated. 

Apply .NET mitigations: 

• Ensure updates are installed and applications recompiled/redeployed as needed for ASP.NET Core environments. 

Monitor Azure Entra ID advisories: 

• No action required for CVE-2025-59246 & CVE-2025-59218, but stay informed on cloud identity platform changes. 

Review virtualization security posture: 

• Validate VM isolation and host protections in light of the Graphics Component vulnerability. 

Communicate with clients: 

• Inform stakeholders of high-risk vulnerabilities and confirm patching schedules, especially for internet-facing or business-critical systems.