Hey there!
Hope your Tuesday is going smoothly or at least as smooth as Patch Tuesday can be! Today's update is huge for a couple of reasons: we've got 172 vulnerabilities to patch (including 6 zero-days), and we're saying goodbye to an old friend. Windows 10 just received its final free security update after a decade of service.
Let's break down what you need to know and what actions you should take right now.
Windows 10: The Final Curtain Call
Today marks the official end of support for Windows 10. Microsoft released KB5066791 as the final cumulative update for Windows 10 versions 20H2, 21H2, and 22H2, updating builds to 19044.6456 and 19045.6456. After today, Windows 10 devices will no longer receive security updates, bug fixes, or technical support unless enrolled in the Extended Security Updates (ESU) program.
What this means for your environment:
Devices remaining on Windows 10 without ESU will be increasingly vulnerable to security threats as new vulnerabilities are discovered
Microsoft 365 apps will continue to function on Windows 10 until October 10, 2028, though feature updates stop after August 2026
The consumer ESU program provides protection for up to one year after October 14, 2025
Your immediate action items:
Identify all Windows 10 devices in your environment that haven't upgraded
Prioritize Windows 11 migrations for compatible hardware
Enroll critical Windows 10 systems in the ESU program if immediate migration isn't possible
Organizations can purchase ESU for up to three additional years, though costs increase annually
Microsoft Office 2016 and Office 2019 also reached end of support yesterday, October 14, 2025, alongside Windows 10. Unlike Windows, there are no Extended Security Updates available for Office. Microsoft has made it clear there will be no extension and no ESU program. While Office 2016 and 2019 will continue to function, they will no longer receive security updates, bug fixes, or technical support, exposing organizations to serious security risks.
October 2025 Patch Tuesday: By the Numbers
This month's Patch Tuesday is one of the largest releases we've seen. Here's what Microsoft addressed:
The headline stats:
172 vulnerabilities patched total, including 6 zero-day flaws
8 Critical vulnerabilities (5 RCE, 3 elevation of privilege)
4 zero-days with 2 actively exploited in the wild
80 Elevation of Privilege vulnerabilities (47.9% of all patches)
29 Remote Code Execution vulnerabilities (17.4%)
The Zero-Days You Need to Patch NOW
Let's talk about the most critical issues—the zero-days that are either publicly disclosed or actively exploited:
Actively Exploited (Patch These First!)
CVE-2025-59230 - Windows Remote Access Connection Manager EoP
Elevation of privilege vulnerability allowing attackers to gain administrative access
This is the first reported RasMan CVE to be exploited as a zero-day
Being actively exploited by threat actors in the wild
Priority: CRITICAL - Deploy immediately
CVE-2025-24990 & CVE-2025-24052 - Windows Agere Modem Driver EoP
Microsoft is removing the Agere Modem driver (ltmdm64.sys) that was abused to gain administrative privileges
All supported versions of Windows can be affected even if the modem is not actively being used
The driver has been completely removed in the October cumulative update
Priority: CRITICAL - Deploy immediately
Publicly Disclosed Zero-Days
CVE-2025-55234 - Windows SMB Elevation of Privilege
Publicly disclosed vulnerability affecting all Windows OS versions with a CVSS score of 8.8
Allows authenticated attackers to escalate privileges
Priority: HIGH - Deploy within 48 hours
CVE-2025-47827 - IGEL OS Secure Boot Bypass
Secure Boot can be bypassed because the igel-flash-driver module improperly verifies cryptographic signatures
Affects IGEL OS before version 11
Priority: HIGH if you use IGEL thin clients
CVE-2025-2884 - TCG TPM 2.0 Out-of-Bounds Read
Vulnerability in TCG TPM2.0 Reference implementation that could lead to information disclosure or denial of service
Affects systems with TPM 2.0
Priority: MEDIUM - Include in normal patching cycle
Critical RCE Vulnerabilities
Beyond the zero-days, pay special attention to these critical remote code execution flaws:
CVE-2025-59234 & CVE-2025-59236 - Microsoft Office/Excel RCE
Use-after-free vulnerabilities in Microsoft Office and Excel that enable remote code execution when users open malicious files
CVSS scores around 7.8, requiring no authentication, could allow attackers to gain full system control
Social engineering via email attachments is the likely attack vector
Action: Deploy patches and remind users about suspicious email attachments
CVE-2025-59287 - Windows Server Update Service (WSUS) RCE
Critical vulnerability with a CVSS score of 9.8 allowing unauthenticated remote code execution
An attacker could exploit this by sending a crafted event that leads to deserialization of untrusted data
Prime target for supply-chain attacks
Priority: CRITICAL for environments using WSUS
Windows 11 Updates: KB5066835 & KB5066793
Windows 11 users aren't left out—there's good news and important updates:
For Windows 11 24H2 and 25H2 (KB5066835):
Includes Click to Do improvements with new AI-powered summarization, File Explorer AI actions for images and documents, and Windows Share pinning for favorite apps
Build numbers: 26100.6899 (24H2) and 26200.6899 (25H2)
For Windows 11 23H2 (KB5066793):
This is the second-to-last update for version 23H2, with support ending in November 2025
Build number: 22631.6060
Action: Plan migrations from 23H2 to 24H2 or 25H2 before next month
Your Patch Tuesday Action Plan
Here's your step-by-step guide to handling this month's updates:
Phase 1: Immediate (Today)
Deploy KB5066791 to all Windows 10 systems as the final free update
Test and deploy patches for the 2 actively exploited zero-days (CVE-2025-59230, CVE-2025-24990/24052)
Prioritize WSUS servers if you use them (CVE-2025-59287)
Phase 2: Within 48 Hours
Deploy remaining zero-day patches (CVE-2025-55234, CVE-2025-47827)
Patch Office/Excel RCE vulnerabilities (CVE-2025-59234, CVE-2025-59236)
Update all Windows 11 systems with KB5066835/KB5066793
Phase 3: This Week
Complete full deployment across all remaining systems
Verify all systems have successfully installed updates
Document any systems that failed to patch for follow-up
Phase 4: Next Week
Begin Windows 10 to Windows 11 migration planning for compatible hardware
Set up ESU enrollment for Windows 10 devices that must stay
Create timeline for migrating Windows 11 23H2 systems before November
Common Patching Issues & Quick Fixes
Based on what we're seeing in the field, here are some troubleshooting tips:
Windows Update Stuck or Hanging
# Stop Windows Update services
Stop-Service -Name wuauserv, bits, cryptsvc
# Clear the update cache
Remove-Item -Path C:\Windows\SoftwareDistribution\* -Recurse -Force
# Restart services
Start-Service -Name wuauserv, bits, cryptsvc
# Try the update again
Update Installation Fails with Error 0x80070002
# Run DISM to repair the Windows image
DISM /Online /Cleanup-Image /RestoreHealth
# Run System File Checker
sfc /scannow
# Reboot and retry the update
Windows Update Service Won't Start
# Reset Windows Update components
net stop wuauserv
net stop bits
ren C:\Windows\SoftwareDistribution SoftwareDistribution.old
ren C:\Windows\System32\catroot2 catroot2.old
net start wuauserv
net start bits
Checking Patch Installation Status Across Multiple Machines
# Query installed updates remotely
Get-HotFix -ComputerName SERVER01, SERVER02 |
Where-Object {$_.InstalledOn -gt (Get-Date).AddDays(-7)} |
Select-Object PSComputerName, HotFixID, InstalledOn |
Format-Table -AutoSize
# Check for specific KB
Get-CimInstance -ClassName Win32_QuickFixEngineering |
Where-Object {$_.HotFixID -eq "KB5066835"}
Force Windows Update to Check for Updates
# Using PowerShell (works without admin rights)
(New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
# Or use the Update Session
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
$SearchResult = $UpdateSearcher.Search("IsInstalled=0")
Pre-Patching Checklist
Before you start deploying patches, run through this checklist:
Backup critical systems - Check backups, take snapshots of VMs, backup databases
Test in dev/staging first - Never deploy directly to production without testing
Check disk space - Updates need at least 10GB free space
Review known issues - Check Microsoft's release notes for documented problems
Schedule maintenance window - Coordinate with stakeholders for any reboots
Document baseline - Note current system state before patching
Prepare rollback plan - Know how to uninstall updates if needed
Post-Patching Verification
After deploying updates, verify everything is working:
Check Patch Installation
# Verify latest update installed
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5
# Check for pending reboots
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" -ErrorAction SilentlyContinue
Verify System Stability
# Check recent error logs
Get-EventLog -LogName System -EntryType Error -Newest 20 |
Select-Object TimeGenerated, Source, Message
# Monitor system health
Get-CimInstance -ClassName Win32_OperatingSystem |
Select-Object LastBootUpTime, FreePhysicalMemory, TotalVisibleMemorySize
Need the Complete CVE List?
This newsletter covers the most critical vulnerabilities, but there are 160+ additional CVEs patched this month. For the complete breakdown of all 172 vulnerabilities, check out:
Microsoft Security Response Center: https://msrc.microsoft.com/update-guide
Detailed Analysis: https://www.sysopsx.com/p/october-2025-patch-tuesday
The Bottom Line
This Patch Tuesday is historic for two reasons: it's the largest patch release in recent memory, and it marks the end of Windows 10's free support. The combination of 6 zero-days (including 2 actively exploited) and the Windows 10 EOL makes this one of the most critical patch cycles we've seen.
Your priority order:
Patch the actively exploited zero-days immediately
Deploy Windows 10's final update (KB5066791)
Begin Windows 10 migration or ESU enrollment planning
Complete remaining patches within your normal maintenance window
Don't put this off, threat actors are already exploiting some of these vulnerabilities in the wild.
Found this helpful? Forward this newsletter to your fellow IT pros who might be scrambling with today's patches. They'll thank you later!
Got patching war stories from today? Hit reply and let me know how your deployment went. I'd love to hear what issues you ran into and how you solved them. We're all in this together!
Stay patched and stay secure,
Your friendly neighborhood sysadmin