October 2025 Patch Tuesday: Addressing Vulnerabilities in Windows Server Update Service and Legacy Modem Drivers

Microsoft’s October Patch Tuesday has revealed a significant wave of vulnerabilities, addressing 167 issues—the highest number fixed in a single release this year. Among these, seven vulnerabilities have been classified as critical, necessitating immediate attention from Chief Information Security Officers (CISOs).

Key Vulnerabilities

1. Windows Server Update Service (WSUS) Exploit

   • CVE-2025-59287: This remote code execution vulnerability in WSUS has a frightening CVSSv3 score of 9.8, categorized as ‘Exploitation More Likely’ according to Microsoft’s Exploitability Index. An attacker could exploit this flaw by sending a specially crafted event to achieve remote code execution, compromising the patch management infrastructure crucial for organizational security.

2. Microsoft Office Vulnerabilities

   • CVE-2025-59227 and CVE-2025-59234: These two vulnerabilities allow remote code execution through social engineering tactics, where an attacker sends a malicious Office document. Notably, exploitation can occur even without opening the attachment, merely by previewing it in an email.

3. Agere Modem Driver Issues

   • CVE-2025-24990 and CVE-2025-24052: Both flaws in the Agere modem driver have been exploited. The first is actively used in the wild, while the second was publicly disclosed before being patched. Microsoft’s response includes removing the outdated driver from Windows systems, severely impacting users relying on it.

Additional Critical Vulnerabilities

• Windows Remote Access Connection Manager (RasMan): A zero-day elevation of privilege vulnerability (CVE-2025-59230) that has also been exploited.
• AMD Secure Processor Vulnerability: Vulnerability (CVE-2025-0033) that affects cloud infrastructure’s security boundaries. Remediation efforts are still in development.

Urgency in Patching

CISO Mike Walters has emphasized the critical nature of these vulnerabilities, particularly the WSUS exploit, as they put significant sections of organizational security at risk. Addressing these vulnerabilities requires not just patching efforts but also a thorough review of the patch management architecture and WSUS server network exposure.

End of Support for Windows 10

Admins are reminded that as of October 14, security updates for Windows 10 will cease unless enrolled in the Extended Security Updates (ESU) program.

IGEL OS Vulnerability

In addition to Microsoft’s vulnerabilities, IGEL OS has a secure boot bypass vulnerability (CVE-2025-47827), which has been actively exploited. This can enable attackers to deploy kernel-level rootkits, making this a critical patch for administrators.

SAP Security Updates

SAP has also released critical security notes, particularly addressing deserialization vulnerabilities, with a CVSS score of 10.0. Organizations are advised to prioritize updates for internet-facing services and critical infrastructure elements.

In conclusion, October 2025’s Patch Tuesday has highlighted the vulnerability landscape that organizations are grappling with. It is imperative for IT and security teams to act swiftly to mitigate the risks posed by these significant threats.