All news with #patch tuesday tag

🎃 Microsoft’s free Windows 10 updates have largely ended, with EEA consumers receiving free Extended Security Updates through Oct 14, 2026, while most other users must pay. Q3 telemetry shows roughly 35,000 CVEs through September, averaging about 130 new entries per day, and a rising set of Known Exploited Vulnerabilities (KEV) that widen vendor and network impact. Talos also launched the Tool Talk series, offering a hands-on guide to dynamic binary instrumentation with DynamoRIO for malware analysis and runtime inspection.

🔒 Microsoft confirmed that Windows updates released on and after August 29, 2025 enforce additional SID checks that can break Kerberos and NTLM authentication on devices with duplicate Security Identifiers (SIDs). Affected systems — including Windows 11 24H2, Windows 11 25H2, and Windows Server 2025 — may experience failed Remote Desktop sessions, SEC_E_NO_CREDENTIALS event errors, and "access denied" messages. The fault commonly arises when images are duplicated without using Sysprep. Microsoft recommends rebuilding impacted machines with supported imaging procedures or obtaining a temporary Group Policy from Support as an interim measure.

🚨 The October 2025 Windows security update KB5066835, intended to move cryptography from CSP to KSP, is causing widespread enterprise disruption. Affected platforms — including Windows 10 (22H2), Windows 11 (23H2–25H2) and several Windows Server releases — report smartcard and certificate failures, USB mouse/keyboard loss in WinRE, IIS ERR_CONNECTION_RESET and WUSA installation errors. Microsoft published a registry workaround (DisableCapiOverrideForRSA=0) and an out‑of‑band update (KB5070773) for some issues, but urges caution and recommends thorough testing before broad deployment.

⚠️ Microsoft confirmed that the September 2025 security updates are causing Active Directory synchronization problems on Windows Server 2025, affecting applications that use the DirSync control such as Microsoft Entra Connect Sync. The issue can result in incomplete synchronization of large AD security groups exceeding 10,000 members. Microsoft recommends a registry workaround (DWORD 2362988687 = 0) while engineers work on a fix, and warns about risks of editing the registry.

🔒 Microsoft’s October Patch Tuesday delivers updates for 172 vulnerabilities, including six classed as zero-days. Three of those zero-days are being actively exploited, affecting the Windows Remote Access Connection Manager (CVE-2025-59230), an Agere modem kernel driver, and a secure-boot bypass in IGEL OS (CVE-2025-47827). Microsoft has removed the legacy Agere driver rather than patch it, citing risks in modifying unsupported code. This release also marks the final free Patch Tuesday for Windows 10; continued updates will require the Extended Security Updates (ESU) program.

🔒 Microsoft released updates addressing 183 vulnerabilities across its products, including three flaws now known to be exploited in the wild. Two Windows zero-days — CVE-2025-24990 (Agere modem driver, ltmdm64.sys) and CVE-2025-59230 (RasMan) — can grant local elevation of privilege; Microsoft plans to remove the legacy Agere driver rather than patch it. A third exploited issue bypasses Secure Boot in IGEL OS (CVE-2025-47827). With Windows 10 support ending unless enrolled in ESU, organizations should prioritize these fixes; CISA has added the three to its KEV catalog and set a federal remediation deadline.

🔒 Microsoft’s October Patch Tuesday addresses 167 vulnerabilities, including seven rated critical that require immediate CISO attention. Notable fixes include a 9.8 RCE in Windows Server Update Service (WSUS) (CVE-2025-59287) and two Office RCEs exploitable via the Preview Pane. Two legacy Agere modem driver flaws include an in-the-wild zero day and a prior public disclosure, prompting Microsoft to remove ltmdm64.sys from Windows. Administrators should prioritize internet-facing services, kernel-mode drivers, and review WSUS exposure and patch management architecture.

⚠️ Microsoft’s October 2025 updates close 172 security holes and include at least two actively exploited zero‑days. The company removed a decades-old Agere modem driver to mitigate CVE-2025-24990 and patched an elevation-of-privilege zero-day in RasMan (CVE-2025-59230). A critical unauthenticated RCE in WSUS (CVE-2025-59287) carries a 9.8 threat score and should be prioritized. This release also marks the end of security updates for Windows 10, prompting ESU enrollment or migration options.

🛡️ Microsoft’s October 2025 Patch Tuesday addresses 175 Microsoft CVEs and 21 non‑Microsoft CVEs, including 17 rated critical and 11 marked important, with three already observed exploited in the wild. Talos highlights active exploitation of CVE-2025-24990 (Agere Modem driver), CVE-2025-59230 (Remote Access Connection Manager), and CVE-2025-47827 (IGEL OS Secure Boot bypass) and urges prompt remediation. Cisco Talos also published new Snort rules to detect many of these exploits and recommends updating patches, removing unsupported drivers, and refreshing IDS/IPS signatures.

🔔 Microsoft has issued the final cumulative update for Windows 10, KB5066791, as the OS reaches end of support on October 14, 2025. The mandatory update delivers Microsoft's October 2025 Patch Tuesday fixes, closing six zero-day vulnerabilities and addressing 172 additional flaws. After installation, Windows 10 22H2 and 21H2 are updated to builds 19045.6456 and 19044.6456; users can install via Windows Update or the Microsoft Update Catalog and may schedule restarts to complete the process.

🔒 Microsoft released its October 2025 Patch Tuesday, addressing 172 vulnerabilities including six zero‑day flaws and eight Critical issues. The updates include five remote code execution and three elevation‑of‑privilege critical bugs, along with numerous information disclosure, denial‑of‑service and security feature bypass fixes. Notable actions include the removal of an Agere modem driver and patches for exploited elevation‑of‑privilege and SMB/SQL Server issues. Windows 10 reaches end of support with this release; Extended Security Updates remain available for organizations and consumers.

🔒 Microsoft has released cumulative updates KB5066835 and KB5066793 for Windows 11 versions 25H2/24H2 and 23H2 as part of the October 2025 Patch Tuesday. These mandatory updates move systems to Build 26200.6899 (25H2/24H2) and 226x1.6050 (23H2) and address recent security vulnerabilities plus several functional issues. Notable fixes include a Chromium print preview hang, PowerShell Remoting timeouts, Windows Hello USB IR camera setup failures, and a gaming sign-in input bug. The update also removes the ltmdm64.sys modem driver and rolls out new AI, accessibility, and File Explorer features gradually.

🔒 Microsoft’s October 2025 Patch Tuesday addresses 172 vulnerabilities, including two publicly disclosed issues, three zero‑day flaws and eight Critical CVEs. The bulk of fixes target Windows (134 patches), Microsoft Office (18) and Azure (6), with elevation-of-privilege and remote code execution as the primary risks. Windows 10 reaches end of life on October 14, 2025; hosts must be on 22H2 to receive Extended Security Updates. CrowdStrike recommends prioritizing patches for actively exploited zero‑days and using Falcon Exposure Management dashboards to track and remediate affected systems.

🔔 The UK's National Cyber Security Centre has urged Oracle E-Business Suite customers to apply an emergency update for CVE-2025-61882, a critical unauthenticated remote code execution vulnerability in the BI Publisher Integration component affecting EBS 12.2.3–12.2.14. Security firm Mandiant reports the Clop ransomware group exploited the bug as a zero-day in August, and the exploit has since been leaked, raising the risk of wider attacks. The NCSC and Rapid7 recommend immediate compromise assessments using Oracle's IoCs, contacting Oracle PSIRT and the NCSC if compromise is suspected, installing the latest EBS update (with the October 2023 CPU applied first), and reducing internet exposure of EBS instances.

⚠️ CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog on Sept. 29, 2025, citing evidence of active exploitation. The newly listed issues are CVE-2021-21311 (Adminer SSRF), CVE-2025-20352 (Cisco IOS/IOS XE stack overflow), CVE-2025-10035 (Fortra GoAnywhere deserialization), CVE-2025-59689 (Libraesva command injection), and CVE-2025-32463 (sudo untrusted-control vulnerability). Federal Civilian Executive Branch agencies must remediate these under BOD 22-01, and CISA urges all organizations to prioritize timely fixes as part of standard vulnerability management.

🛡️ SonicWall released firmware 10.2.2.2-92sv for SMA 100-series appliances to add file checks intended to remove an observed rootkit, and moved SMA 100 end-of-support to 31 October 2025. The bulletin also flags an unpatched OnePlus SMS permission bypass (CVE-2025-10184), a GeoServer RCE compromise affecting a U.S. federal agency, and ongoing npm supply-chain and RAT campaigns. Defenders are urged to apply patches, rotate credentials, and enforce phishing-resistant MFA.

⚠️Microsoft confirmed that the September 2025 Windows security updates can break connections to SMBv1 shares when NetBIOS over TCP/IP (NetBT) is used. The issue affects client releases (Windows 11 24H2/23H2/22H2, Windows 10 22H2/21H2) and server releases (Windows Server 2025, 2022) and may occur if either the SMB client or server has the update. As a temporary workaround, administrators are advised to allow SMB traffic on TCP port 445 so Windows can switch from NetBT to TCP. Microsoft is investigating and developing a fix.

⚠️ Microsoft reminded customers that Windows 10 will reach end of servicing on October 14, 2025, with the October monthly update being the last security release for affected versions. After that date, Microsoft will no longer provide bug fixes or technical assistance for security, stability, or usability issues. Customers are advised to upgrade eligible devices to Windows 11, migrate to Windows 365 in the cloud, enroll in Extended Security Updates (ESU), or consider LTSC/LTSC alternatives for specialized devices.

🔧 Microsoft has resolved severe lag and stuttering issues affecting NDI streaming on Windows 10 and Windows 11 that appeared after the August 2025 cumulative security updates. The root cause was tied to KB5063878 and KB5063709 and manifested as dropped NDI traffic and degraded performance specifically over RUDP connections, while UDP and Single-TCP streams were unaffected. On September 9, 2025, Microsoft released fixes (KB5065426 and KB5065429) and recommends applying those updates; NDI also published a temporary workaround to switch Receive Mode to Single TCP or UDP in the NDI Tools Access Manager for systems that cannot immediately update.

🔧 Microsoft has issued a fix for an August 2025 update that caused unexpected User Account Control (UAC) prompts and blocked MSI app installations for non-administrative users across multiple Windows client and server releases. The behavior resulted from a security patch addressing CVE-2025-50173, which introduced broader elevation checks to mitigate privilege escalation. Microsoft’s September 2025 update narrows when UAC is required for MSI repairs and lets IT administrators add specific MSI packages to an allowlist via new SecureRepairPolicy and SecureRepairWhitelist registry keys. The company also resolved a separate bug that caused severe lag and stuttering in NDI streaming software on Windows 10 and Windows 11.