Microsoft releases urgent patches for 175+ flaws, including three active zero-days, as Windows 10 and Server 2019 reach end-of-life.

Microsoft's October 2025 Patch Tuesday addresses over 175 vulnerabilities across Windows, Azure, and other products, including three actively exploited zero-day flaws. Critical issues include a privilege escalation in Windows Remote Access Connection Manager, a Secure Boot bypass in IGEL OS, and a wormable remote code execution flaw in WSUS. Three zero-days in the Agere modem driver and TPM 2.0 implementation are also being exploited, prompting Microsoft to disable the affected driver. An unpatched AMD EPYC processor flaw affecting cloud systems remains a concern. Windows 10 and Server 2019 receive final security updates as support ends. Adobe and SAP also released critical patches. Organizations are urged to prioritize immediate updates.