The October 2025 security update includes 175 Microsoft CVEs, including the agere Windows Modem Driver, Microsoft PowerShell, Windows Failover Cluster, Azure Connected Machine Agent, Microsoft Brokering File System, Virtual Secure Mode, Microsoft Graphics Component, Windows Kernel, Windows Device Association Broker service, Windows Digital Media, Windows Hello, Windows Digital Media, Microsoft Exchange Server, Visual Studio,.NET,.NET Framework, Visual Studio, Azure Monitor, Windows Storage Management Provider, Windows BitLocker, Windows PrintWorkflowUserSvc, and Windows BitLocker.
Microsoft October 2025 Security Updates
The October 2025 security update release includes 175 Microsoft CVEs, including the Agere Windows Modem Driver, Microsoft PowerShell, Windows Failover Cluster, Azure Connected Machine Agent, Microsoft Brokering File System, Virtual Secure Mode, Microsoft Graphics Component, Windows Kernel, Windows Device Association Broker service, Windows Digital Media, Windows Hello, Windows Digital Media, Windows Exchange Server, Visual Studio, .NET, .NET Framework, Visual Studio, ASP.NET Core, Microsoft Configuration Manager, Azure Monitor, Windows Storage Management Provider, Connected Devices Platform Service (Cdpsvc), Windows Hyper-V, and Windows BitLocker.
The following vulnerabilities are identified in Windows DirectX, Windows Kernel, Windows Routing and Remote Access Service (RRAS), Microsoft Windows, Windows Ancillary Function Driver for WinSock, Microsoft Windows Speech, Windows Routing and Remote Access Service (RRAS), Remote Desktop Client, Connected Devices Platform Service (Cdpsvc), Windows Cryptographic Services, Windows DWM, Azure Connected Machine Agent, Windows COM, Windows SMB Server, Windows Connected Devices Platform Service, Windows Bluetooth Service, Windows Local Session Manager (LSM), Inbox COM Objects, Windows File Explorer, and Windows High Availability Services.
These vulnerabilities have been identified as potential security threats to various systems, including Windows DirectX, Windows Kernel, Windows Routing and Remote Access Service (RRAS), Microsoft Windows, Windows Speech, Windows Speech, Windows Routing and Remote Access Service (RRAS), Windows DWM, Azure Connected Machine Agent, Windows COM, Windows SMB Server, Windows Connected Devices Platform Service, Windows Bluetooth Service, Windows Local Session Manager (LSM), Inbox COM Objects, Windows Remote Desktop, Windows File Explorer, and Windows High Availability Services.
The following vulnerabilities are identified in the Microsoft software:
- Windows Management Services (CVE-2025-59204)
- Microsoft Graphics Component (CVE-2025-59205)
- Windows Resilient File System (ReFS) Deduplication Service (CVE-2025-59206)
- Windows Kernel (CVE-2025-59207)
- Windows MapUrlToZone (CVE-2025-59208)
- Windows Push Notification Core (CVE-2025-59209)
- Windows Configuration Manager (CVE-2025-59213)
- Windows File Explorer (CVE-2025-59214)
- Azure Entra ID (CVE-2025-59218)
- Microsoft Office Word (CVE-2025-59221)
- Microsoft Office Word (CVE-2025-59222)
- Microsoft Office Excel (CVE-2025-59225)
- Microsoft Office Visio (CVE-2025-59226)
- Microsoft Office SharePoint (CVE-2025-59227)
- Microsoft Office Excel (CVE-2025-59229)
- Microsoft Office PowerPoint (CVE-2025-59238)
These vulnerabilities have been categorized into five types: exceptional, unexpected, and unsafe. The first type is a vulnerability that can be exploited by unauthorized users to gain access to system resources or data
The following list of vulnerabilities is a comprehensive list of vulnerabilities that are not part of Microsoft's security update guide. These vulnerabilities include Copilot, Windows Authentication Methods, Windows SMB Client, Xbox Gaming Services, Inbox COM Objects, Windows NTLM, Azure Monitor Agent, Copilot, GitHub, Windows Bluetooth Service, Windows Taskbar Live, Internet Explorer, Azure Monitor Agent, Microsoft Defender for Linux, and Windows Remote Procedure Call.
The list includes 21 non-Microsoft CVEs, including CNA tags, CVE FAQs, workarounds, and mitigations. These vulnerabilities include Microsoft Graphics Component (CVE-2016-9535), AMD Restricted Memory Page (CVE-2025-0033), Chrome Edge (Chromium-based) CVEs (2025-11205, 2025-11206, 2025-11207, 2025-11210, 2025-11211, 2025-11215, 2025-11216, 2025-11219, 2025-1111458, 2025-11460, CERT/CC TCG TPM2.0 CVE-2025-2884, MITRE Windows Secure Boot CVE-2025-47827, GitHub Visual Studio CVE-2025-54132, MITRE Microsoft Windows Codecs Library CVE-2025-54957, and MITRE Games CVE-2025-59489.
Security Update Guide - Microsoft Security Response Center
