Microsoft Today a software update was released to fix 172 security flaws. windows Operating system, which contains at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the last month for which Microsoft will send security updates windows 10 System. If you are running a Windows 10 PC and you are unable or unwilling to migrate windows 11Read on for other options.
First zero-day bug addressed this month (CVE-2025-24990) includes a third-party modem driver called Agere Modem that has been bundled with Windows for the past two decades. Microsoft responded to active attacks on this flaw by completely removing the vulnerable driver from Windows.
second zero day CVE-2025-59230Escalation of Privilege Vulnerability windows remote access connection manager (also known as Rasman), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks.
“While Rasman is a frequent flyer on Patch Tuesday, appearing more than 20 times since January 2022, this is the first time we have seen it exploited in the wild as a zero day,” it said. Satnam NarangSenior Staff Research Engineer worth,
Narang noted that Microsoft Office Users should also pay attention CVE-2025-59227 And CVE-2025-59234A pair of remote code execution bugs that take advantage of the “preview pane”, meaning the target doesn’t even need to have the file open for exploitation. To execute these flaws, an attacker would social engineer a target to preview an email with a malicious Microsoft Office document.
Talking about Office, Microsoft Quietly announced this week He Microsoft Word The documents will now be automatically saved to Microsoft’s cloud platform OneDrive. Users who are uncomfortable with saving all of their documents in Microsoft’s cloud can change this in Word’s settings; ZDNet has a useful way On disabling this feature.
kev breenSenior Director of Threat Research immersivedrew attention to CVE-2025-59287A critical remote code execution bug in the Windows Server Update Service (WSUS) – the same Windows service that is responsible for downloading security patches for Windows Server editions. Microsoft says there is no indication yet that this weakness is being exploited. But with a threat score of 9.8 out of a possible 10 and being marked as “high potential for exploitation”, CVE-2025-59287 can be used without authentication and is an easy “Patch Now” candidate.
“Microsoft provides limited information, stating that an unauthenticated attacker with network access could send untrusted data to a WSUS server, resulting in deserialization and code execution,” Breen wrote. “Since WSUS is a trusted Windows service designed to update privileged files in the file system, an attacker would have free rein over the operating system and could potentially bypass some EDR detections that the WSUS service might ignore or exclude.”
For more information about other Redmond improvements, visit TODAY SANS Internet Storm Center monthly roundupWhich indexes all updates based on severity and urgency.
Windows 10 isn’t the only Microsoft OS reaching an expiration date today; exchange server 2016, exchange server 2019, skype for business 2016, Windows 11 IoT Enterprise Edition 22H2And outlook 2016 There are some other products that Microsoft is discontinuing today.
If you’re running a Windows 10 system, you’ve probably already determined whether your PC meets the recommended technical hardware specifications for the Windows 11 OS. If you are unwilling or unable to migrate a Windows 10 system to Windows 11, options exist to continue using Windows 10 without ongoing security updates.
One option is to pay for a second year of security updates Microsoft Extended Security Updates (ESU) program. The cost is only $30 if you don’t have a Microsoft account, and apparently free if you register the PC with a Microsoft account. it video breakdown From ask your computer guy Windows 10 does a good job of walking users through this process. Microsoft emphasizes that ESU enrollment does not provide other types of fixes, feature improvements, or product enhancements. It also doesn’t come with technical support.
If your Windows 10 system is linked to a Microsoft account and signed in when you go to Windows Update, you should see the option to enroll in extended updates. image:
Windows 10 users also have the option to install some flavors of Linux instead. Anyone seriously considering this option should check out the website Endof10.orgIncluding lots of tips and a DIY installation guide.
linux mint A great option for Linux beginners. Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer manufactured in the last decade.
Linux Mint is also likely to have the most intuitive interface for regular Windows users, and it’s largely configurable without much fuss at a text-only command-line prompt. Mint and other flavors of Linux arrive libre officeWhich is an open source suite of tools that includes applications similar to Microsoft Office, and can open, edit, and save documents as Microsoft Office files.
If you prefer to give Linux a test drive before installing it on a Windows PC, you can always download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from an external USB drive. If you don’t see an option for this after restarting, try restarting and pressing the F8 button, which should open a list of bootable drives. Here is a fairly detailed tutorial It tells you how to do it all.
And if you’re trying Linux for the first time, relax and enjoy: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive like a CD or USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will bring the system back to its original state.
As always, if you experience any difficulties during or after applying this month’s batch of patches, please leave a note about it in the comments below.
