In its October 2025 Patch Tuesday release, Microsoft addressed a total of 167 Common Vulnerabilities and Exposures (CVEs), marking the largest patch rollout in the company’s history. This release features seven critical vulnerabilities and 158 important ones, raising concerns regarding system security and user data protection. Notably, the update includes major patches for critical services such as .NET, Microsoft Exchange Server, and Active Directory Federation Services.
Among the patched vulnerabilities, elevation of privilege (EoP) vulnerabilities account for 47.9% of the total, with remote code execution (RCE) vulnerabilities following at 17.4%. The two zero-day vulnerabilities disclosed, CVE-2025-24052 and CVE-2025-24990, were particularly alarming as they had been exploited in the wild before the update was made available. The swift action taken by Microsoft is crucial for mitigating the risks posed by these vulnerabilities, as attackers could gain elevated privileges on affected systems.
Failure to apply these patches promptly could leave organizations vulnerable to widespread attacks. Consequently, this significant rollout emphasizes the necessity for organizations to prioritize software updates to ensure the integrity of their IT environments. Moreover, the volume of critical patches in this update serves as a reminder of the evolving threat landscape, highlighting the importance of proactive cybersecurity measures and ongoing vigilance.
👉 Pročitaj original: Tenable Research
