Microsoft just released its biggest Patch Tuesday update ever, fixing a staggering 175 security vulnerabilities in October. This breaks all previous records and pushes 2025's total past 1,021 CVEs—already exceeding all of 2024 with two months remaining.
Two zero-day flaws are being actively exploited by attackers. CVE-2025-59230 affects Windows Remote Access Connection Manager, letting hackers escalate privileges to admin level. CVE-2025-24990 targets a Windows Agere modem driver, which Microsoft is completely removing from Windows.
The update also marks Windows 10's end of life. Organizations still using the OS—which holds 41% of the desktop market—must switch to Extended Security Updates to keep receiving patches.
Source: Dark Reading