October 14, 2025

Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options.

The first zero-day bug addressed this month (CVE-2025-24990) involves a third-party modem driver called Agere Modem that’s been bundled with Windows for the past two decades. Microsoft responded to active attacks on this flaw by completely removing the vulnerable driver from Windows.

The other zero-day is CVE-2025-59230, an elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks.

“While RasMan is a frequent flyer on Patch Tuesday, appearing more than 20 times since January 2022, this is the first time we’ve seen it exploited in the wild as a zero day,” said Satnam Narang, senior staff research engineer at Tenable.

Narang said Microsoft Office users should also take note of CVE-2025-59227 and CVE-2025-59234, a pair of remote code execution bugs that take advantage of “Preview Pane,” meaning that the target doesn’t even need to open the file for exploitation to occur. To exploit these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.

Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform. Users who are uncomfortable saving all of their documents to Microsoft’s cloud can change this in Word’s settings; ZDNet has a useful how-to on disabling this feature.

Kev Breen, senior director of threat research at Immersive, called attention to CVE-2025-59287, a critical remote code execution bug in the Windows Server Update Service (WSUS), the very same Windows service responsible for downloading security patches for Windows Server versions. Microsoft says there are no signs this weakness is being exploited yet. But with a threat score of 9.8 out of a possible 10 and marked “exploitation more likely,” CVE-2025-59287 can be exploited without authentication and is an easy “patch now” candidate.

“Microsoft provides limited information, stating that an unauthenticated attacker with network access can send untrusted data to the WSUS server, resulting in deserialization and code execution,” Breen wrote. “As WSUS is a trusted Windows service that is designed to update privileged files across the file system, an attacker would have free rein over the operating system and could potentially bypass some EDR detections that ignore or exclude the WSUS service.”

For more on other fixes from Redmond today, check out the SANS Internet Storm Center monthly roundup, which indexes all of the updates by severity and urgency.

Windows 10 isn’t the only Microsoft OS that is reaching end-of-life today; Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are some of the other products that Microsoft is sunsetting today.

If you’re running any Windows 10 systems, you’ve probably already determined whether your PC meets the technical hardware specs recommended for the Windows 11 OS. If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.

One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU) program. The cost is just $30 if you don’t have a Microsoft account, and apparently free if you register the PC to a Microsoft account. This video breakdown from Ask Your Computer Guy does a good job of walking Windows 10 users through this process. Microsoft emphasizes that ESU enrollment does not provide other types of fixes, feature improvements or product enhancements. It also does not come with technical support.

If your Windows 10 system is associated with a Microsoft account and signed in when you visit Windows Update, you should see an option to enroll in extended updates. Image: https://www.youtube.com/watch?v=SZH7MlvOoPM

Windows 10 users also have the option of installing some flavor of Linux instead. Anyone seriously considering this option should check out the website endof10.org, which includes a plethora of tips and a DIY installation guide.

Linux Mint is a great option for Linux newbies. Like most modern Linux versions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.

Linux Mint also is likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fussing at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.

If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.

And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system to its original state.

As ever, if you experience any difficulties during or after applying this month’s batch of patches, please leave a note about it in the comments below.


12 thoughts on “Patch Tuesday, October 2025 ‘End of 10’ Edition”

  1. Catwhisperer

    “Microsoft Word will now automatically save documents to OneDrive”
    This is the kind of attitude that years ago got me on the path of Linux, and away from things Microsoft. It’s the attitude of cramming unwanted features and apps up our collective arses regardless of what we actually need or want. But with this support downgrade, I believe Micro$oft finally urinated into the fan, and I may speak for millions. Because why would I trash two perfectly good laptops, one an i3 with SSD and 12GB ram, and the other an i5 with SSD and 32GB ram. Both will run any flavor of Linux absolutely fine. Some of my clients need QuickBooks, and I like LTSpice, but I can run ngspice without the GUI, and clients can purchase a Windows 11 compatible computer if they want to keep me as support. Oh, and I did get the free one year extended support from Micr$oft…

    1. Matt C.

      I used to multiple-boot my (non-mac) laptops, and almost always had a Windows instance available, but I, too, veered away from Microsoft when it started putting everything in the cloud (specifically, Office). Some of that is because, having a background in security, I know the risks, and some of it is just that I am not comfortable with any of my personal data being in the cloud unless it absolutely must be (and then, I would encrypt it; why leave the possibility of random people seeing it, deliberately or otherwise?).

      I never liked the fact that Microsoft moved away from its more straightforward UI to its more and more tile-based, touchscreen-‘friendly’ progression. I think after around Windows 7 it just got unwieldy. Still, it’s the de facto standard for document writing and I don’t really like the open-source alternatives (eg, OpenOffice, Libre Office).

      Maybe, eventually, Microsoft will reconsider allowing its customers the option to decide whether it wants to use ‘the cloud’ for such things.

      1. mealy

        “I don’t really like the open-source alternatives (eg, OpenOffice, Libre Office).”

        No clippy? Seriously what? The excel is neutered perhaps, what else?

      2. Ducklady

        I went to sign up for the free ESU, only to discover I have to back up my system to freaking One Drive! I already have a back-up system that’s been working for years. I never use OneDrive and don’t want to.

        I share your dislike of the free Office clones. When I was writing newsletters every submission we got from Open/Libre Office was a mess that had to be retooled before I could use it. I’m a writer and ALL of my submission avenues require MS Word. I’ve been using Word for years, like it a lot and take an “if it ain’t broke, don’t fix it” approach to life. If word processing was a sideline in my working life I’d probably use Libre/Open Office. But it’s not.

  2. Arthur Corbin

    Cumulative Update Win10 Version 22H2 is not downloading, it stops at 20%. Three tries including using CCleaner for the download, this stopped at 80%. MS information suggested there are missing prior updates that are needed without providing these updates. 10 years of Win10 and still buggy, and problematic. Thank you for the update.

    1. mealy

      DISM time. Or a reinstall and then use MS cloud account so you get the “free” year.
      What a bunch of idiots MS turned out to be. Windows 7 was the high water mark.

  3. OldNavyGuy

    0patch is an alternative to ESU.

    The company has committed to supporting Windows 10 for at least 5 years.

    We subscribed until we decide when we’ll upgrade to new hardware.

  4. MSFTisClueless

    Microsoft has entirely lost a focus on its customers & product quality. It’s outwardly clear that they aren’t focused on features users want or need but on those the company will extract the most profit from. We DON’T want the pile of dung you have bolted onto your ‘OS’: No forced MSFT account, AI Copilot, Recall, One Drive, Edge, no force movement to the cloud. You have made the OS a data collection tool that alongside AI and other tools makes us less secure and private than ever before. Never mind the compliance nightmare you create by enabling shadow IT with these ‘features’ nobody asked for. You need to have full feature parity to manage ALL of these things with on-prem AD and give users the choice as to what they deploy and how. This ‘OS’ is as bad as any early 2000 spyware/malware ridden mess except that YOU are the cause.

    This isn’t a tech dictatorship and we tire of your viewpoint that it is.

    You don’t seem to give a sh1t anymore and it shows. I’ve been done for more than a decade and I hope everyone else will also plan an exit from the company in the near future.

    If you don’t care what customers think or want, we will not keep buying from you. Get a grip.

  5. Lesley

    As a non-techie with interest in tech, nevertheless, I am appalled over all the AI incorporated into my windows 11 laptop. I want “out” of One Drive uploading of, well, whatever I do online! I authorized none of it – except as default as a result of unreadable “small print.”
    How do I opt out?

    1. mealy

      MacOS or Linux. Either one will be a leap out of a Windows comfort zone. Unfortunately they’ve left you no alternative but to ditch M$ and learn how to use other things in its stead. They’re betting you won’t. Fsck em.

  6. john

    I was surprised by how easy it was for me to get a 1 year extension. Update asked me if I wanted one and all I had to do was log in with my Skype account and then confirm “yes I want an extra year”. Seemed too easy based on the reporting I have been monitoring for the past year.
