Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

“3 Persistent Privileged Access Methods in Active Directory: How Attackers Stick the Landing with AdminSdHolder, SIDHistory, DCShado”

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

October, 2025: Patch Tuesday - 172 Updates Today and 6 Zero-Days!

Welcome to my October Patch Tuesday newsletter. Today Microsoft released a whooping 172 updates and an additional 41 in the past month for a total of 213 updates in the past 30 days. Wow, so let's get started.

We have SIX zero-days to look at...yes you read that right...six!

First is CVE-2025-24052. This Elevation of Privilege affects various flavors of MS OS's and is publicly disclosed. MS have given this an exploitability rating of "Exploitation More Likely".

CVE-2025-59230 is another Elevation of Privilege with a fairly high CVSS score of 7.2. MS rates this as only Important but keep in mind that it exploitation has been detected.

Next is CVE-2025-24990. This Elevation of Privilege is being publicly exploited. An attacker who is successful could gain admin rights. Even though this affects the 3rd party Agere Modem driver, it does not need to be in use to be vulnerable. Being that this driver ships natively with Windows OS's, you will want to update ASAP.

We also have CVE-2025-47827. With a CVSS score of 4.3 I would recommend you still get this one updated as soon as you can because it is not only public but also being exploited. So don't shrug this one off as not important.

CVE-2025-0033 is a vulnerability in AMD EPYC processors. This Remote Code Execution vulnerability is publicly disclosed and rated 7.1 and Critical. So get this one updated ASAP.

Probably the least most important zero day this month is CVE-2025-2884. Although this is publicly disclosed, it has a CVSS score of only 4.6.

Besides these we have 16 CVE's that are rated critical. Note that in the "Apps" section of the chart below I left out a long list of video game titles that MS included in their patch information. I'm not sure of many organizations that allow gaming at work but if you are a gamer on your workstation then you'll want to visit CVE-2025-59489 and scroll to the bottom of the page to see if there are any games you need to uninstall or update.

So, we do have a good bit of updating that needs to be done. I can't remember that last time we've surpassed 200+ updates in a month. You will want to download, update and reboot those systems. See you next month!

Happy patching!

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Remote Desktop Client Windows App Client for Windows Desktop	Critical	CVE-2016-9535 CVE-2025-24052** CVE-2025-24990* CVE-2025-25004 CVE-2025-2884** CVE-2025-47827* CVE-2025-47979 CVE-2025-48004 CVE-2025-48813 CVE-2025-49708 CVE-2025-50152 CVE-2025-50174 CVE-2025-50175 CVE-2025-53139 CVE-2025-53150 CVE-2025-53717 CVE-2025-53768 CVE-2025-54957 CVE-2025-55325 CVE-2025-55326 CVE-2025-55328 CVE-2025-55330 CVE-2025-55331 CVE-2025-55332 CVE-2025-55333 CVE-2025-55334 CVE-2025-55335 CVE-2025-55336 CVE-2025-55337 CVE-2025-55338 CVE-2025-55339 CVE-2025-55340 CVE-2025-55676 CVE-2025-55677 CVE-2025-55678 CVE-2025-55679 CVE-2025-55680 CVE-2025-55681 CVE-2025-55682 CVE-2025-55683 CVE-2025-55684 CVE-2025-55685 CVE-2025-55686 CVE-2025-55687 CVE-2025-55688 CVE-2025-55689 CVE-2025-55690 CVE-2025-55691 CVE-2025-55692 CVE-2025-55693 CVE-2025-55694 CVE-2025-55695 CVE-2025-55696 CVE-2025-55697 CVE-2025-55698 CVE-2025-55699 CVE-2025-55700 CVE-2025-55701 CVE-2025-58714 CVE-2025-58715 CVE-2025-58716 CVE-2025-58717 CVE-2025-58718 CVE-2025-58719 CVE-2025-58720 CVE-2025-58722 CVE-2025-58725 CVE-2025-58726 CVE-2025-58727 CVE-2025-58728 CVE-2025-58729 CVE-2025-58730 CVE-2025-58731 CVE-2025-58732 CVE-2025-58733 CVE-2025-58734 CVE-2025-58735 CVE-2025-58736 CVE-2025-58737 CVE-2025-58738 CVE-2025-58739 CVE-2025-59184 CVE-2025-59185 CVE-2025-59186 CVE-2025-59187 CVE-2025-59188 CVE-2025-59189 CVE-2025-59190 CVE-2025-59191 CVE-2025-59192 CVE-2025-59193 CVE-2025-59194 CVE-2025-59195 CVE-2025-59196 CVE-2025-59197 CVE-2025-59198 CVE-2025-59199 CVE-2025-59200 CVE-2025-59201 CVE-2025-59202 CVE-2025-59203 CVE-2025-59204 CVE-2025-59205 CVE-2025-59206 CVE-2025-59207 CVE-2025-59208 CVE-2025-59209 CVE-2025-59210 CVE-2025-59211 CVE-2025-59214 CVE-2025-59215 CVE-2025-59216 CVE-2025-59220 CVE-2025-59230* CVE-2025-59241 CVE-2025-59242 CVE-2025-59244 CVE-2025-59253 CVE-2025-59254 CVE-2025-59255 CVE-2025-59257 CVE-2025-59258 CVE-2025-59259 CVE-2025-59260 CVE-2025-59261 CVE-2025-59275 CVE-2025-59277 CVE-2025-59278 CVE-2025-59280 CVE-2025-59282 CVE-2025-59284 CVE-2025-59287 CVE-2025-59289 CVE-2025-59290 CVE-2025-59294 CVE-2025-59295 CVE-2025-59502	Workaround: No Exploited: Yes* Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing Tampering
Edge	Chromium-based Edge for Android	Important	CVE-2025-10200 CVE-2025-10201 CVE-2025-10500 CVE-2025-10501 CVE-2025-10502 CVE-2025-10585 CVE-2025-10890 CVE-2025-10891 CVE-2025-10892 CVE-2025-11205 CVE-2025-11206 CVE-2025-11207 CVE-2025-11208 CVE-2025-11209 CVE-2025-11210 CVE-2025-11211 CVE-2025-11212 CVE-2025-11213 CVE-2025-11215 CVE-2025-11216 CVE-2025-11219 CVE-2025-11458 CVE-2025-11460 CVE-2025-47967 CVE-2025-59251	Workaround: No Exploited: No Public: No	Remote Code Execution Spoofing
Office	365 Apps for Enterprise Access/Excel/PowerPoint/Word 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Office for Android Office Online Server	Critical	CVE-2025-10200 CVE-2025-59221 CVE-2025-59222 CVE-2025-59228 CVE-2025-59232 CVE-2025-59235 CVE-2025-59237	Workaround: No Exploited: No Public: No	Denial of Service Information Disclosure Remote Code Execution
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Important	CVE-2025-59221 CVE-2025-59222 CVE-2025-59228 CVE-2025-59232 CVE-2025-59235 CVE-2025-59237	Workaround: No Exploited: No Public: No	Information Disclosure Remote Code Execution
SQL Server	JDBC Driver versions 10.2, 11.2, 12.10, 12.2, 12.4, 12.6, 12.8, 13.2	Important	CVE-2025-59250	Workaround: No Exploited: No Public: No	Spoofing
Azure	Arc Enabled Servers - Azure Connected Machine Agent Cache for Redis Enterprise Compute Gallery Confidential Compute VM SKU DCasv5/DCadsv5, DCasv6/DCadsv6, ECasv5/EDCadsv5, ECasv6/ECadsv6 Managed Redis Monitor and Monitor Agent PlayFab MS Entra ID	Critical	CVE-2025-0033** CVE-2025-47989 CVE-2025-55321 CVE-2025-58724 CVE-2025-59218 CVE-2025-59246 CVE-2025-59247 CVE-2025-59271 CVE-2025-59285 CVE-2025-59291 CVE-2025-59292 CVE-2025-59494	Workaround: No Exploited: No Public: Yes**	Elevation of Privilege Remote Code Execution Spoofing
Apps	MS 365 Copilot's Business Chat MS 365 Word Copilot Mesh for Meta Quest Mesh PC Applications PC Manager Xbox Gaming Services Various Xbox Games (See note above)	Critical	CVE-2025-49728 CVE-2025-59252 CVE-2025-59272 CVE-2025-59281 CVE-2025-59286 CVE-2025-59489	Workaround: No Exploited: No Public: No	Elevation of Privilege Security Feature Bypass Spoofing
Developer Tools	.NET 8.0/9.0 on Linux, MacOS, Windows ASP.NET Core 2.3, 8.0, 9.0 .NET Framework 2.0SP2, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 Visual Studio 2017 15.0-15.8, 2019 16.0-16.10, 2022 17.10-17.14 and Code Powershell 7.4, 7.5	Important	CVE-2025-25004 CVE-2025-54132 CVE-2025-55240 CVE-2025-55247 CVE-2025-55248 CVE-2025-55315 CVE-2025-55319	Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass
Open Source Software	microsoft/playwright	Moderate	CVE-2025-59288	Workaround: No Exploited: No Public: No	Spoofing
Exchange	2016 CU23 2019 CU14, CU15 Subscription Edition RTM	Important	CVE-2025-53782 CVE-2025-59248 CVE-2025-59249	Workaround: No Exploited: No Public: No	Elevation of Privilege Spoofing
System Center	Configuration Manager 2403, 2409, 2503 Defender for Endpoint for Linux	Important	CVE-2025-55320 CVE-2025-59213 CVE-2025-59497	Workaround: No Exploited: No Public: No	Elevation of Privilege Denial of Service
Other	OmniParser	Important	CVE-2025-55322	Workaround: No Exploited: No Public: No	Remote Code Execution

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

October 2025 Patch Tuesday	"Patch Tuesday - 172 Updates Today and 6 Zero-Days! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.