Today is the monthly Windows Update day.



The monthly Windows Update, which delivers security updates and bug fixes for Windows, has been released. The update released on October 15, 2025 (Japan time) includes seven 'Critical' updates and seven 'Important' updates. Microsoft also reiterated that support for Windows 10 will end on October 14, 2025.

October 2025 security updates (monthly)
https://www.microsoft.com/en-us/msrc/blog/2025/10/202510-security-update



The October 2025 security updates fixed a total of 172 vulnerabilities, including 80 privilege escalation vulnerabilities that could allow an attacker to hijack administrative privileges, 31 remote code execution vulnerabilities that could allow an attacker to execute malicious programs remotely, 28 information disclosure vulnerabilities, 11 security feature bypass vulnerabilities, 11 denial of service vulnerabilities, and 10 spoofing vulnerabilities.

The list of security updates for October 2025 is as follows:

| Target products | Maximum severity | Biggest impact | Related knowledge base articles or support web pages |
|---|---|---|---|
| Windows 11 | Critical | Remote code execution possible | v25H2, v24H2: 5066835; v23H2, v22H2: 5066793 |
| Windows 10 v22H2 | Critical | Remote code execution possible | v22H2: 5066791 |
| Windows Server 2025 (including Server Core installation) | Critical | Remote code execution possible | 5066835 |
| Windows Server 2022, 23H2 (including Server Core installation) | Critical | Remote code execution possible | Windows Server 2022: 5066782; Windows Server 23H2: 5066780 |
| Windows Server 2019, 2016 (including Server Core installation) | Critical | Remote code execution possible | Windows Server 2019: 5066586; Windows Server 2016: 5066836 |
| Microsoft Remote Desktop and related services | Important | Remote code execution possible | https://learn.microsoft.com/troubleshoot/windows-server/remote/remote-desktop-services-overview |
| Microsoft Office | Critical | Remote code execution possible | https://learn.microsoft.com/officeupdates |
| Microsoft SharePoint | Important | Remote code execution possible | https://learn.microsoft.com/officeupdates/sharepoint-updates |
| Microsoft Exchange Server | Important | Remote code execution possible | https://learn.microsoft.com/exchange; Released: October 2025 Exchange Server Security Updates |
| Microsoft .NET and .NET Framework | Important | Privilege escalation | https://learn.microsoft.com/dotnet https://learn.microsoft.com/dotnet/framework |
| Microsoft Visual Studio | Important | Privilege escalation | https://learn.microsoft.com/visualstudio |
| Microsoft SQL Server | Important | Spoofing | https://learn.microsoft.com/sql |
| Microsoft Azure | Critical | Privilege escalation | https://learn.microsoft.com/azure |
| System Center | Important | Privilege escalation | https://learn.microsoft.com/system-center |


Of particular note are six zero-day vulnerabilities, which were either exploited before patches were released or had already been discovered. These zero-day vulnerabilities include CVE-2025-59230, which could allow an attacker to gain unauthorized system privileges, and CVE-2025-47827, which could allow an attacker to bypass the Secure Boot feature. Additionally, a specific modem driver (ltmdm64.sys) was removed due to the risk of vulnerabilities being exploited. This means that fax modem hardware that relies on this driver will no longer function.

Microsoft also released cumulative updates for Windows 11 that include the security fixes: KB5066835 for versions 25H2/24H2 and KB5066793 for version 23H2. These updates include several new features and improvements, including AI-related features that allow you to blur the background of images and erase unwanted objects directly from File Explorer, as well as the ability to summarize documents on OneDrive and SharePoint without opening them. However, some of these AI features are not available in the European Economic Area (EEA).

Improvements to the user interface include the ability to freely change the position of indicators that appear on the screen when adjusting volume, brightness, etc. Additionally, the accessibility feature 'Narrator' now includes a new 'Braille Viewer' function that simultaneously displays on-screen text and the corresponding braille.

This update is also the last free security update provided to general users of Windows 10. To continue receiving security updates for Windows 10, users will need to subscribe to a paid Extended Security Updates (ESU) plan, available for up to one year for personal users and up to three years for corporate users.

Windows Update is released on the second Tuesday of every month in the US, and the next update is scheduled to be available on Wednesday, November 12, 2025, Japan time.

in Software, Security. Posted by log1i_yk