“October is the largest Patch Tuesday release to date. Microsoft fixed 167 vulnerabilities this month, surpassing the previous record of 157 CVEs set in January 2025. With two months remaining this year, we’ve already blown last year’s tally of 1,009 CVEs patched, as this month’s release brings us up to 1,021 CVEs patched. Please note that our counts omit CVEs that were patched prior to Patch Tuesday or that do not list Microsoft as the issuer.
“The two most notable vulnerabilities this month are in Agere Modem, a third-party modem driver that has been included in Windows operating systems for almost 20 years. The two flaws are CVE-2025-24990, which was exploited in the wild as a zero-day, and CVE-2025-24052, which was publicly disclosed prior to this Patch Tuesday release. Even if the modem is not in use, it remains vulnerable to exploitation, which could give an attacker administrator privileges. The fix for this flaw is telling: Microsoft is removing the driver, ltmdm64.sys, from Windows operating systems through the October cumulative update.
“CVE-2025-59230, a zero-day elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks, was also exploited in the wild. While RasMan is a frequent flyer on Patch Tuesday, appearing more than 20 times since January 2022, this is the first time we’ve seen it exploited in the wild as a zero-day.
“Microsoft Office users should also take note of CVE-2025-59227 and CVE-2025-59234, a pair of remote code execution bugs that take advantage of “Preview Pane,” meaning that the target doesn’t even need to open the file for exploitation to occur. To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.” – Satnam Narang, senior staff research engineer, Tenable
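Because the Agere fix works by removing ltmdm64.sys rather than patching it, a defender can verify remediation by confirming the driver is gone from disk, unregistered, and not loaded. The following PowerShell audit is an added example, not code from Tenable or Microsoft; it assumes an elevated session and does not assume any KB number, since the commentary above names none.

```powershell
# Added example (not from Tenable's commentary): audit a Windows host for the
# Agere modem driver (ltmdm64.sys) that the October cumulative update removes.
# Assumptions: elevated PowerShell session; no specific KB number is assumed.
function Get-AgereDriverStatus {
    $driverFile = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'
    $fileStillPresent = Test-Path -LiteralPath $driverFile

    # Driver services whose ImagePath points at ltmdm64.sys, read from the
    # Service Control Manager registry hive (covers a leftover registration
    # even when the binary itself has already been deleted).
    $services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        Where-Object {
            $img = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
            $img -and ($img -match 'ltmdm64\.sys')
        } |
        ForEach-Object { $_.PSChildName }

    # Is a kernel driver backed by that binary currently loaded?
    $loaded = Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.PathName -match 'ltmdm64\.sys' -and $_.State -eq 'Running' }

    [pscustomobject]@{
        FileStillPresent   = $fileStillPresent
        RegisteredServices = @($services)
        CurrentlyLoaded    = [bool]$loaded
        # Remediated only when the file is gone and nothing is loaded from it
        Remediated         = (-not $fileStillPresent) -and (-not $loaded)
    }
}

Get-AgereDriverStatus | Format-List
```

A host that reports FileStillPresent or CurrentlyLoaded as True after the update has applied has not received the driver removal and still carries the unpatched attack surface described above.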
