Prince Andrew. Photo: Getty Images Britain's Prince Andrew said he would give up using his title of Duke of York following years of criticism about his behaviour and connections to the late US sex offender Jeffrey Epstein.
Prince Andrew. Photo: Getty Images Britain's Prince Andrew said on Friday he would give up using his title of Duke of York following years of criticism about his behaviour and connections to the late US sex offender Jeffrey Epstein.
Prince Andrew. Photo: Getty Images Britain's Prince Andrew said he would give up using his title of Duke of York following years of criticism about his behaviour and connections to the late US sex offender Jeffrey Epstein.
Prince Andrew. Photo: Getty Images Britain's Prince Andrew said he would give up using his title of Duke of York following years of criticism about his behaviour and connections to the late US sex offender Jeffrey Epstein.
The development follows a string of new scandals and huge pressure from the King.
The development follows a string of new scandals and huge pressure from the King.
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday , as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers. The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay. In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.” Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe , among others, follows a similar patch cadence. Patch Tuesday coverage has also long been a staple of Computerworld ’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month. In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates. For October’s Patch Tuesday, a scary number of fixes Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” More info on Microsoft Security updates for October 2025 . For September, Patch Tuesday means fixes for Windows, Office and SQL Server Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so there’s no “patch now” recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group. To reinforce this fact, we have patches for Microsoft’s browser platform that have (perhaps for the first time) been rated at a much lower “moderate” security rating (as opposed to critical or important). More info on Microsoft Security updates for September 2025 . For August, a ‘complex’ Patch Tuesday with 111 updates Microsoft’s August Patch Tuesday release offers a rather complex set of updates, with 111 fixes affecting Windows, Office, SQL Server and Exchange Server — and several “Patch Now” recommendations. Publicly disclosed vulnerabilities in Windows Kerberos ( CVE-2025-53779 ) and Microsoft SQL Server ( CVE-2025-49719 ) require immediate attention. In addition, a CISA directive about a severe Microsoft Exchange vulnerability ( CVE-2025-53786 ) also requires immediate attention for government systems. And Office is on the “Patch Now” update calendar due to a “preview pane” vulnerability ( CVE-2025-53740 ). More info on Microsoft Security updates for August 2025 . For July, a ‘big, broad’ Patch Tuesday release With 133 patches in its Patch Tuesday update this month, Microsoft delivered a big, broad and important release that requires a Patch Now plan for Windows, Microsoft Office and SQL Server. A zero-day ( CVE-2025-49719 ) in SQL Server requires urgent action, as do Git extensions to Microsoft Visual Studio. More info on Microsoft Security updates for July 2025 . June Patch Tuesday: 68 fixes — and two zero-day flaws Microsoft offered up a fairly light Patch Tuesday release for June, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. But two zero-day vulnerabilities ( CVE-2025-33073 and CVE-2025-33053 ) mean IT admins need to get busy with quick patching plans. More info on Microsoft Security updates for June 2025 . May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. However, five zero-day exploits for Windows mean this month’s Windows updates should be patched now. More info on Microsoft Security updates for May 2025 .
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday , as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers. The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay. In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.” Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe , among others, follows a similar patch cadence. Patch Tuesday coverage has also long been a staple of Computerworld ’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month. In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates. For October’s Patch Tuesday, a scary number of fixes Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” More info on Microsoft Security updates for October 2025 . For September, Patch Tuesday means fixes for Windows, Office and SQL Server Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so there’s no “patch now” recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group. To reinforce this fact, we have patches for Microsoft’s browser platform that have (perhaps for the first time) been rated at a much lower “moderate” security rating (as opposed to critical or important). More info on Microsoft Security updates for September 2025 . For August, a ‘complex’ Patch Tuesday with 111 updates Microsoft’s August Patch Tuesday release offers a rather complex set of updates, with 111 fixes affecting Windows, Office, SQL Server and Exchange Server — and several “Patch Now” recommendations. Publicly disclosed vulnerabilities in Windows Kerberos ( CVE-2025-53779 ) and Microsoft SQL Server ( CVE-2025-49719 ) require immediate attention. In addition, a CISA directive about a severe Microsoft Exchange vulnerability ( CVE-2025-53786 ) also requires immediate attention for government systems. And Office is on the “Patch Now” update calendar due to a “preview pane” vulnerability ( CVE-2025-53740 ). More info on Microsoft Security updates for August 2025 . For July, a ‘big, broad’ Patch Tuesday release With 133 patches in its Patch Tuesday update this month, Microsoft delivered a big, broad and important release that requires a Patch Now plan for Windows, Microsoft Office and SQL Server. A zero-day ( CVE-2025-49719 ) in SQL Server requires urgent action, as do Git extensions to Microsoft Visual Studio. More info on Microsoft Security updates for July 2025 . June Patch Tuesday: 68 fixes — and two zero-day flaws Microsoft offered up a fairly light Patch Tuesday release for June, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. But two zero-day vulnerabilities ( CVE-2025-33073 and CVE-2025-33053 ) mean IT admins need to get busy with quick patching plans. More info on Microsoft Security updates for June 2025 . May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. However, five zero-day exploits for Windows mean this month’s Windows updates should be patched now. More info on Microsoft Security updates for May 2025 .
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday , as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers. The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay. In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.” Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe , among others, follows a similar patch cadence. Patch Tuesday coverage has also long been a staple of Computerworld ’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month. In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates. For October’s Patch Tuesday, a scary number of fixes Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” More info on Microsoft Security updates for October 2025 . For September, Patch Tuesday means fixes for Windows, Office and SQL Server Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so there’s no “patch now” recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group. To reinforce this fact, we have patches for Microsoft’s browser platform that have (perhaps for the first time) been rated at a much lower “moderate” security rating (as opposed to critical or important). More info on Microsoft Security updates for September 2025 . For August, a ‘complex’ Patch Tuesday with 111 updates Microsoft’s August Patch Tuesday release offers a rather complex set of updates, with 111 fixes affecting Windows, Office, SQL Server and Exchange Server — and several “Patch Now” recommendations. Publicly disclosed vulnerabilities in Windows Kerberos ( CVE-2025-53779 ) and Microsoft SQL Server ( CVE-2025-49719 ) require immediate attention. In addition, a CISA directive about a severe Microsoft Exchange vulnerability ( CVE-2025-53786 ) also requires immediate attention for government systems. And Office is on the “Patch Now” update calendar due to a “preview pane” vulnerability ( CVE-2025-53740 ). More info on Microsoft Security updates for August 2025 . For July, a ‘big, broad’ Patch Tuesday release With 133 patches in its Patch Tuesday update this month, Microsoft delivered a big, broad and important release that requires a Patch Now plan for Windows, Microsoft Office and SQL Server. A zero-day ( CVE-2025-49719 ) in SQL Server requires urgent action, as do Git extensions to Microsoft Visual Studio. More info on Microsoft Security updates for July 2025 . June Patch Tuesday: 68 fixes — and two zero-day flaws Microsoft offered up a fairly light Patch Tuesday release for June, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. But two zero-day vulnerabilities ( CVE-2025-33073 and CVE-2025-33053 ) mean IT admins need to get busy with quick patching plans. More info on Microsoft Security updates for June 2025 . May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. However, five zero-day exploits for Windows mean this month’s Windows updates should be patched now. More info on Microsoft Security updates for May 2025 .
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday , as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers. The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay. In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.” Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe , among others, follows a similar patch cadence. Patch Tuesday coverage has also long been a staple of Computerworld ’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month. In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates. For October’s Patch Tuesday, a scary number of fixes Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11.” More info on Microsoft Security updates for October 2025 . For September, Patch Tuesday means fixes for Windows, Office and SQL Server Microsoft released 86 patches this week with updates for Office, Windows, and SQL Server. But there were no zero-days, so there’s no “patch now” recommendation from the Readiness team this month. This is an incredible sign of success for the Microsoft update group. To reinforce this fact, we have patches for Microsoft’s browser platform that have (perhaps for the first time) been rated at a much lower “moderate” security rating (as opposed to critical or important). More info on Microsoft Security updates for September 2025 . For August, a ‘complex’ Patch Tuesday with 111 updates Microsoft’s August Patch Tuesday release offers a rather complex set of updates, with 111 fixes affecting Windows, Office, SQL Server and Exchange Server — and several “Patch Now” recommendations. Publicly disclosed vulnerabilities in Windows Kerberos ( CVE-2025-53779 ) and Microsoft SQL Server ( CVE-2025-49719 ) require immediate attention. In addition, a CISA directive about a severe Microsoft Exchange vulnerability ( CVE-2025-53786 ) also requires immediate attention for government systems. And Office is on the “Patch Now” update calendar due to a “preview pane” vulnerability ( CVE-2025-53740 ). More info on Microsoft Security updates for August 2025 . For July, a ‘big, broad’ Patch Tuesday release With 133 patches in its Patch Tuesday update this month, Microsoft delivered a big, broad and important release that requires a Patch Now plan for Windows, Microsoft Office and SQL Server. A zero-day ( CVE-2025-49719 ) in SQL Server requires urgent action, as do Git extensions to Microsoft Visual Studio. More info on Microsoft Security updates for July 2025 . June Patch Tuesday: 68 fixes — and two zero-day flaws Microsoft offered up a fairly light Patch Tuesday release for June, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. But two zero-day vulnerabilities ( CVE-2025-33073 and CVE-2025-33053 ) mean IT admins need to get busy with quick patching plans. More info on Microsoft Security updates for June 2025 . May’s Patch Tuesday serves up 78 updates, including 5 zero-day fixes This May Patch Tuesday release is very much a “back-to-basics” update with just 78 patches for Microsoft Windows, Office, Visual Studio, and .NET. Notably, Microsoft has not released any patches for Microsoft Exchange Server or Microsoft SQL Server. However, five zero-day exploits for Windows mean this month’s Windows updates should be patched now. More info on Microsoft Security updates for May 2025 .
Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. (All other updates can be added to your standard patch release schedule.) To help you navigate these changes, the Readiness team created this detailed infographic detailing the risks of deploying updates to each platform . (More information about recent Patch Tuesday releases is available here .) Known issues Microsoft documented a single, relatively minor issue with last month’s patches affecting Windows 11 desktops only: Applications that use Enhanced Video Renderer ( ECR ) with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Microsoft partially resolved this problem with its October update. We don’t expect an out-of-bounds fix for this playback issue; a full fix may have to wait until next month. Major revisions and mitigations Microsoft published several revisions to its Azure Entra ID and authentication offering and other Azure tools. However, there appears to be only one revision to a desktop (or server) patch since September:n CVE-2025-50173 : Windows Installer Elevation of Privilege Vulnerability. Microsoft has updated the recommendations for this patch to include using the Multimedia Redirection Installer as well as updating all affected target systems. This revision requires customer action and should be considered for most enterprise deployments. Windows lifecycle and enforcement updates So this is awkward . General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11” It is probably now the time to give Windows 11 a try. Soon(ish). Each month, the Readiness crew analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on a large app portfolio and an in-depth analysis of the patches and their potential impact on Windows platforms and application deployments. These areas are covered: RDP connectivity and session reliability. Printing and document workflow resilience. Network throughput and proxy behavior validation. UI and GPU rendering stability within Hyper-V environments. Core OS and system validation Readiness recommends that testing teams begin by validating the foundational elements of the Windows platform. Ensuring smooth startup, account management, and policy operations helps catch regressions early and prevents cascading test failures downstream: Test basic boot, login, and Windows Defender Application Control (WDAC) policy enforcement. Validate administrative tasks such as user creation, group management, and policy refresh. Confirm stability during restart, shutdown, and update rollback scenarios. Run targeted tests of BitLocker recovery and drive encryption workflows. As part of this testing effort ,ensure that Windows desktop system-level policies, encryption, and authentication behave as expected before you layer on additional higher‑level functionality testing. Remote Desktop and network connectivity We recommend validating session reliability, reconnection performance, and the behavior of dependent services for hybrid and distributed environments: Perform end-to-end RDP sessions between clients and servers. Copy files between sessions, redirect local printers and USB devices and disconnect and reconnect sessions to verify state persistence. Confirm VPN connectivity using multiple tunneling and authentication methods. Open browsers, connect repeatedly to multiple sites, and transfer large files to validate stability over TCP/IP. Test SMB loopback connections using UNC paths and validate proxy configurations when switching between corporate and guest networks. Validate client-side printing from Remote Desktop Services sessions. Your testing should generate stable connectivity sessions under changing conditions, with stateful RDP and VPN sessions and predictable proxy behavior. Printing and document workflows Testing teams should prioritize both client and server‑side printing services, with an emphasis on high‑concurrency and recovery scenarios such as: Perform multiple (large) print jobs through the Print Workflow Service . Cancel jobs mid-process and observe recovery. Restart the service during active printing to ensure there are no deadlocks or orphaned tasks. Critical core printing functions were updated this month, so crashes and blue-screens could be “ on the menu ” with this update. (Let’s hope not.) Networking and bluetooth interoperability Network stacks and wireless connectivity remain central to mobility testing. Teams should prioritize interoperability, speed, and reconnection behaviors for both wired and wireless scenarios: Conduct file‑transfer tests over IPv6 and measure throughput under variable latency. Perform a Bluetooth file transfer. Exercise packet send/receive flows using browsers, messaging apps, and file uploads. Test Bluetooth pairing and switching between multiple devices. Observe media playback and disconnect/reconnect transitions for smoothness and stability. Verify Nearby Share for varied file sizes and formats. You should be looking for stable file transfers (including Nearby Share and Bluetooth), consistent device switching, and reliable wireless throughput across mixed environments. Storage and file system operations Prioritize validating data integrity and access control through stress testing of file systems and storage pools: Perform NTFS read/write tests including rename, delete, and copy. Execute permission changes using GetSecurityInfo and SetSecurityInfo. Test ReFS deduplication scheduling through PowerShell. Simulate storage expansion with Storage Spaces Direct (S2D) . Look for consistent read/write access and reliable storage virtualization behavior during expansion and scheduled deduplication. Graphics and UI rendering We recommend validating visual consistency and GPU acceleration in both native and virtualized environments: Verify apps using DirectComposition and the DWM API render correctly under theme changes. Change themes and wallpapers while apps run to test live refresh. Confirm GPU-accelerated Hyper-V VM sessions remain stable with display remoting enabled. You want to ensure stable rendering and error‑free theme transitions across both physical and virtual environments. Security and identity validation Testing teams should verify identity handoffs, certificate management, and logging accuracy: Test token-based sign-ins through Microsoft Entra ID and legacy NTLM fallbacks. Verify certificate generation and key management via BCrypt and NCrypt . Confirm proper logging and access-denied events in Windows Event Viewer . Try testing out credential exchanges and cryptographic functions — and ensure that audit events operate consistently across updated builds. Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: Browsers (Microsoft IE and Edge) Windows (both desktop and server) Microsoft Office Microsoft Exchange and SQL Server Microsoft Developer Tools (Visual Studio and .NET) Adobe (if you get this far) Browsers There were no native updates for Microsoft’s browsers this month. The Chromium project has released 14 patches that have been integrated in the latest Edge release . Add these low-profile changes to your standard release calendar. Windows The following product areas have been updated with two critical patches, 101 labeled important, (yes, that’s a lot) and one rated as moderate. Given the reports of public disclosure and exploitation, we’ve highlighted the following vulnerabilities: CVE-2025-24052 and CVE-2025-24990 : To address this Elevation of Privilege vulnerability in Windows desktops, Microsoft is not offering an update, but instead a removal of the ltmdm64.sys driver. The Readiness team recommends an application portfolio assessment, scanning for file and API level dependencies for this driver. Looking for application packages that deal with Faxes would be a good start. CVE-2025-2884 : This update addresses a vulnerability in the CryptHmacSign function. There have been issues reported on this (and similar) out-of-bounds vulnerability(s) since June. However, Microsoft now says this vulnerability has been publicly disclosed. CVE-2025-59230 : Exploits for this vulnerability in Windows Remote Access Connection Manager ( WRACM ) have been published; unless addressed, it could lead to an elevation of privilege scenario on the target systems. Given these four reported zero-days for Windows, add this to your “Patch Now” schedule for October. Microsoft Office Microsoft released three updates (rated as critical) affecting Office as a platform and specifically Microsoft Excel with CVE-2025-59234 , CVE-2025-59236 and CVE-2025-59227 . All three updates address use-after-free memory issues; the remaining 15 patches are rated as important and address information disclosure related vulnerabilities. Add these Office updates to your standard release calendar. Microsoft Exchange and SQL Server Microsoft published a single update for SQL Server this October. This patch ( CVE-2025-59250 ) has been rated important and attempts to resolve an issue with the JDBC integration with Microsoft SQL Server. A server reboot will be required. In addition, Microsoft released three updates to Microsoft Exchange Server ( CVE-2025-53782 , CVE-2025-59249 and CVE-2025-59248 ). Add these SQL Server and Exchange Server changes to your standard server update plan. Developer tools Six updates were published for Microsoft .NET and Visual Studio, all of them rated important. The update to Git ( CVE-2025-54132 ) might appear odd as it relates to a bug in the Mermaid Diagram tool, but it was created on behalf of Git for publishing reasons. Add these updates to your standard patching schedule. Adobe (and third-party updates) Next month, we might see the retirement of this Adobe related section (promises, promises). That said, Microsoft has released seven updates from third-party vendors, including CERT/CC, Mitre and GitHub. It looks like Mitre and AMD are raising these CVE entries on behalf of open source organizations (such as libTiFF ) to facilitate the rapid patches of these commonly used components. It’s a good idea. I hope that we see more of this kind of collaboration.
Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. (All other updates can be added to your standard patch release schedule.) To help you navigate these changes, the Readiness team created this detailed infographic detailing the risks of deploying updates to each platform . (More information about recent Patch Tuesday releases is available here .) Known issues Microsoft documented a single, relatively minor issue with last month’s patches affecting Windows 11 desktops only: Applications that use Enhanced Video Renderer ( ECR ) with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Microsoft partially resolved this problem with its October update. We don’t expect an out-of-bounds fix for this playback issue; a full fix may have to wait until next month. Major revisions and mitigations Microsoft published several revisions to its Azure Entra ID and authentication offering and other Azure tools. However, there appears to be only one revision to a desktop (or server) patch since September:n CVE-2025-50173 : Windows Installer Elevation of Privilege Vulnerability. Microsoft has updated the recommendations for this patch to include using the Multimedia Redirection Installer as well as updating all affected target systems. This revision requires customer action and should be considered for most enterprise deployments. Windows lifecycle and enforcement updates So this is awkward . General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11” It is probably now the time to give Windows 11 a try. Soon(ish). Each month, the Readiness crew analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on a large app portfolio and an in-depth analysis of the patches and their potential impact on Windows platforms and application deployments. These areas are covered: RDP connectivity and session reliability. Printing and document workflow resilience. Network throughput and proxy behavior validation. UI and GPU rendering stability within Hyper-V environments. Core OS and system validation Readiness recommends that testing teams begin by validating the foundational elements of the Windows platform. Ensuring smooth startup, account management, and policy operations helps catch regressions early and prevents cascading test failures downstream: Test basic boot, login, and Windows Defender Application Control (WDAC) policy enforcement. Validate administrative tasks such as user creation, group management, and policy refresh. Confirm stability during restart, shutdown, and update rollback scenarios. Run targeted tests of BitLocker recovery and drive encryption workflows. As part of this testing effort ,ensure that Windows desktop system-level policies, encryption, and authentication behave as expected before you layer on additional higher‑level functionality testing. Remote Desktop and network connectivity We recommend validating session reliability, reconnection performance, and the behavior of dependent services for hybrid and distributed environments: Perform end-to-end RDP sessions between clients and servers. Copy files between sessions, redirect local printers and USB devices and disconnect and reconnect sessions to verify state persistence. Confirm VPN connectivity using multiple tunneling and authentication methods. Open browsers, connect repeatedly to multiple sites, and transfer large files to validate stability over TCP/IP. Test SMB loopback connections using UNC paths and validate proxy configurations when switching between corporate and guest networks. Validate client-side printing from Remote Desktop Services sessions. Your testing should generate stable connectivity sessions under changing conditions, with stateful RDP and VPN sessions and predictable proxy behavior. Printing and document workflows Testing teams should prioritize both client and server‑side printing services, with an emphasis on high‑concurrency and recovery scenarios such as: Perform multiple (large) print jobs through the Print Workflow Service . Cancel jobs mid-process and observe recovery. Restart the service during active printing to ensure there are no deadlocks or orphaned tasks. Critical core printing functions were updated this month, so crashes and blue-screens could be “ on the menu ” with this update. (Let’s hope not.) Networking and bluetooth interoperability Network stacks and wireless connectivity remain central to mobility testing. Teams should prioritize interoperability, speed, and reconnection behaviors for both wired and wireless scenarios: Conduct file‑transfer tests over IPv6 and measure throughput under variable latency. Perform a Bluetooth file transfer. Exercise packet send/receive flows using browsers, messaging apps, and file uploads. Test Bluetooth pairing and switching between multiple devices. Observe media playback and disconnect/reconnect transitions for smoothness and stability. Verify Nearby Share for varied file sizes and formats. You should be looking for stable file transfers (including Nearby Share and Bluetooth), consistent device switching, and reliable wireless throughput across mixed environments. Storage and file system operations Prioritize validating data integrity and access control through stress testing of file systems and storage pools: Perform NTFS read/write tests including rename, delete, and copy. Execute permission changes using GetSecurityInfo and SetSecurityInfo. Test ReFS deduplication scheduling through PowerShell. Simulate storage expansion with Storage Spaces Direct (S2D) . Look for consistent read/write access and reliable storage virtualization behavior during expansion and scheduled deduplication. Graphics and UI rendering We recommend validating visual consistency and GPU acceleration in both native and virtualized environments: Verify apps using DirectComposition and the DWM API render correctly under theme changes. Change themes and wallpapers while apps run to test live refresh. Confirm GPU-accelerated Hyper-V VM sessions remain stable with display remoting enabled. You want to ensure stable rendering and error‑free theme transitions across both physical and virtual environments. Security and identity validation Testing teams should verify identity handoffs, certificate management, and logging accuracy: Test token-based sign-ins through Microsoft Entra ID and legacy NTLM fallbacks. Verify certificate generation and key management via BCrypt and NCrypt . Confirm proper logging and access-denied events in Windows Event Viewer . Try testing out credential exchanges and cryptographic functions — and ensure that audit events operate consistently across updated builds. Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: Browsers (Microsoft IE and Edge) Windows (both desktop and server) Microsoft Office Microsoft Exchange and SQL Server Microsoft Developer Tools (Visual Studio and .NET) Adobe (if you get this far) Browsers There were no native updates for Microsoft’s browsers this month. The Chromium project has released 14 patches that have been integrated in the latest Edge release . Add these low-profile changes to your standard release calendar. Windows The following product areas have been updated with two critical patches, 101 labeled important, (yes, that’s a lot) and one rated as moderate. Given the reports of public disclosure and exploitation, we’ve highlighted the following vulnerabilities: CVE-2025-24052 and CVE-2025-24990 : To address this Elevation of Privilege vulnerability in Windows desktops, Microsoft is not offering an update, but instead a removal of the ltmdm64.sys driver. The Readiness team recommends an application portfolio assessment, scanning for file and API level dependencies for this driver. Looking for application packages that deal with Faxes would be a good start. CVE-2025-2884 : This update addresses a vulnerability in the CryptHmacSign function. There have been issues reported on this (and similar) out-of-bounds vulnerability(s) since June. However, Microsoft now says this vulnerability has been publicly disclosed. CVE-2025-59230 : Exploits for this vulnerability in Windows Remote Access Connection Manager ( WRACM ) have been published; unless addressed, it could lead to an elevation of privilege scenario on the target systems. Given these four reported zero-days for Windows, add this to your “Patch Now” schedule for October. Microsoft Office Microsoft released three updates (rated as critical) affecting Office as a platform and specifically Microsoft Excel with CVE-2025-59234 , CVE-2025-59236 and CVE-2025-59227 . All three updates address use-after-free memory issues; the remaining 15 patches are rated as important and address information disclosure related vulnerabilities. Add these Office updates to your standard release calendar. Microsoft Exchange and SQL Server Microsoft published a single update for SQL Server this October. This patch ( CVE-2025-59250 ) has been rated important and attempts to resolve an issue with the JDBC integration with Microsoft SQL Server. A server reboot will be required. In addition, Microsoft released three updates to Microsoft Exchange Server ( CVE-2025-53782 , CVE-2025-59249 and CVE-2025-59248 ). Add these SQL Server and Exchange Server changes to your standard server update plan. Developer tools Six updates were published for Microsoft .NET and Visual Studio, all of them rated important. The update to Git ( CVE-2025-54132 ) might appear odd as it relates to a bug in the Mermaid Diagram tool, but it was created on behalf of Git for publishing reasons. Add these updates to your standard patching schedule. Adobe (and third-party updates) Next month, we might see the retirement of this Adobe related section (promises, promises). That said, Microsoft has released seven updates from third-party vendors, including CERT/CC, Mitre and GitHub. It looks like Mitre and AMD are raising these CVE entries on behalf of open source organizations (such as libTiFF ) to facilitate the rapid patches of these commonly used components. It’s a good idea. I hope that we see more of this kind of collaboration.
Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. (All other updates can be added to your standard patch release schedule.) To help you navigate these changes, the Readiness team created this detailed infographic detailing the risks of deploying updates to each platform . (More information about recent Patch Tuesday releases is available here .) Known issues Microsoft documented a single, relatively minor issue with last month’s patches affecting Windows 11 desktops only: Applications that use Enhanced Video Renderer ( ECR ) with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Microsoft partially resolved this problem with its October update. We don’t expect an out-of-bounds fix for this playback issue; a full fix may have to wait until next month. Major revisions and mitigations Microsoft published several revisions to its Azure Entra ID and authentication offering and other Azure tools. However, there appears to be only one revision to a desktop (or server) patch since September:n CVE-2025-50173 : Windows Installer Elevation of Privilege Vulnerability. Microsoft has updated the recommendations for this patch to include using the Multimedia Redirection Installer as well as updating all affected target systems. This revision requires customer action and should be considered for most enterprise deployments. Windows lifecycle and enforcement updates So this is awkward . General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11” It is probably now the time to give Windows 11 a try. Soon(ish). Each month, the Readiness crew analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on a large app portfolio and an in-depth analysis of the patches and their potential impact on Windows platforms and application deployments. These areas are covered: RDP connectivity and session reliability. Printing and document workflow resilience. Network throughput and proxy behavior validation. UI and GPU rendering stability within Hyper-V environments. Core OS and system validation Readiness recommends that testing teams begin by validating the foundational elements of the Windows platform. Ensuring smooth startup, account management, and policy operations helps catch regressions early and prevents cascading test failures downstream: Test basic boot, login, and Windows Defender Application Control (WDAC) policy enforcement. Validate administrative tasks such as user creation, group management, and policy refresh. Confirm stability during restart, shutdown, and update rollback scenarios. Run targeted tests of BitLocker recovery and drive encryption workflows. As part of this testing effort ,ensure that Windows desktop system-level policies, encryption, and authentication behave as expected before you layer on additional higher‑level functionality testing. Remote Desktop and network connectivity We recommend validating session reliability, reconnection performance, and the behavior of dependent services for hybrid and distributed environments: Perform end-to-end RDP sessions between clients and servers. Copy files between sessions, redirect local printers and USB devices and disconnect and reconnect sessions to verify state persistence. Confirm VPN connectivity using multiple tunneling and authentication methods. Open browsers, connect repeatedly to multiple sites, and transfer large files to validate stability over TCP/IP. Test SMB loopback connections using UNC paths and validate proxy configurations when switching between corporate and guest networks. Validate client-side printing from Remote Desktop Services sessions. Your testing should generate stable connectivity sessions under changing conditions, with stateful RDP and VPN sessions and predictable proxy behavior. Printing and document workflows Testing teams should prioritize both client and server‑side printing services, with an emphasis on high‑concurrency and recovery scenarios such as: Perform multiple (large) print jobs through the Print Workflow Service . Cancel jobs mid-process and observe recovery. Restart the service during active printing to ensure there are no deadlocks or orphaned tasks. Critical core printing functions were updated this month, so crashes and blue-screens could be “ on the menu ” with this update. (Let’s hope not.) Networking and bluetooth interoperability Network stacks and wireless connectivity remain central to mobility testing. Teams should prioritize interoperability, speed, and reconnection behaviors for both wired and wireless scenarios: Conduct file‑transfer tests over IPv6 and measure throughput under variable latency. Perform a Bluetooth file transfer. Exercise packet send/receive flows using browsers, messaging apps, and file uploads. Test Bluetooth pairing and switching between multiple devices. Observe media playback and disconnect/reconnect transitions for smoothness and stability. Verify Nearby Share for varied file sizes and formats. You should be looking for stable file transfers (including Nearby Share and Bluetooth), consistent device switching, and reliable wireless throughput across mixed environments. Storage and file system operations Prioritize validating data integrity and access control through stress testing of file systems and storage pools: Perform NTFS read/write tests including rename, delete, and copy. Execute permission changes using GetSecurityInfo and SetSecurityInfo. Test ReFS deduplication scheduling through PowerShell. Simulate storage expansion with Storage Spaces Direct (S2D) . Look for consistent read/write access and reliable storage virtualization behavior during expansion and scheduled deduplication. Graphics and UI rendering We recommend validating visual consistency and GPU acceleration in both native and virtualized environments: Verify apps using DirectComposition and the DWM API render correctly under theme changes. Change themes and wallpapers while apps run to test live refresh. Confirm GPU-accelerated Hyper-V VM sessions remain stable with display remoting enabled. You want to ensure stable rendering and error‑free theme transitions across both physical and virtual environments. Security and identity validation Testing teams should verify identity handoffs, certificate management, and logging accuracy: Test token-based sign-ins through Microsoft Entra ID and legacy NTLM fallbacks. Verify certificate generation and key management via BCrypt and NCrypt . Confirm proper logging and access-denied events in Windows Event Viewer . Try testing out credential exchanges and cryptographic functions — and ensure that audit events operate consistently across updated builds. Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: Browsers (Microsoft IE and Edge) Windows (both desktop and server) Microsoft Office Microsoft Exchange and SQL Server Microsoft Developer Tools (Visual Studio and .NET) Adobe (if you get this far) Browsers There were no native updates for Microsoft’s browsers this month. The Chromium project has released 14 patches that have been integrated in the latest Edge release . Add these low-profile changes to your standard release calendar. Windows The following product areas have been updated with two critical patches, 101 labeled important, (yes, that’s a lot) and one rated as moderate. Given the reports of public disclosure and exploitation, we’ve highlighted the following vulnerabilities: CVE-2025-24052 and CVE-2025-24990 : To address this Elevation of Privilege vulnerability in Windows desktops, Microsoft is not offering an update, but instead a removal of the ltmdm64.sys driver. The Readiness team recommends an application portfolio assessment, scanning for file and API level dependencies for this driver. Looking for application packages that deal with Faxes would be a good start. CVE-2025-2884 : This update addresses a vulnerability in the CryptHmacSign function. There have been issues reported on this (and similar) out-of-bounds vulnerability(s) since June. However, Microsoft now says this vulnerability has been publicly disclosed. CVE-2025-59230 : Exploits for this vulnerability in Windows Remote Access Connection Manager ( WRACM ) have been published; unless addressed, it could lead to an elevation of privilege scenario on the target systems. Given these four reported zero-days for Windows, add this to your “Patch Now” schedule for October. Microsoft Office Microsoft released three updates (rated as critical) affecting Office as a platform and specifically Microsoft Excel with CVE-2025-59234 , CVE-2025-59236 and CVE-2025-59227 . All three updates address use-after-free memory issues; the remaining 15 patches are rated as important and address information disclosure related vulnerabilities. Add these Office updates to your standard release calendar. Microsoft Exchange and SQL Server Microsoft published a single update for SQL Server this October. This patch ( CVE-2025-59250 ) has been rated important and attempts to resolve an issue with the JDBC integration with Microsoft SQL Server. A server reboot will be required. In addition, Microsoft released three updates to Microsoft Exchange Server ( CVE-2025-53782 , CVE-2025-59249 and CVE-2025-59248 ). Add these SQL Server and Exchange Server changes to your standard server update plan. Developer tools Six updates were published for Microsoft .NET and Visual Studio, all of them rated important. The update to Git ( CVE-2025-54132 ) might appear odd as it relates to a bug in the Mermaid Diagram tool, but it was created on behalf of Git for publishing reasons. Add these updates to your standard patching schedule. Adobe (and third-party updates) Next month, we might see the retirement of this Adobe related section (promises, promises). That said, Microsoft has released seven updates from third-party vendors, including CERT/CC, Mitre and GitHub. It looks like Mitre and AMD are raising these CVE entries on behalf of open source organizations (such as libTiFF ) to facilitate the rapid patches of these commonly used components. It’s a good idea. I hope that we see more of this kind of collaboration.
Microsoft this week released 175 updates affecting Windows and Office and .NET, including server-based updates for Microsoft SQL Server and Exchange server. There are also four zero-day fixes ( CVE-2025-24052 , CVE-2025-24990 , CVE-2025-2884 and CVE-2025-59230 ), leading to a “Patch Now” recommendation for Windows. (All other updates can be added to your standard patch release schedule.) To help you navigate these changes, the Readiness team created this detailed infographic detailing the risks of deploying updates to each platform . (More information about recent Patch Tuesday releases is available here .) Known issues Microsoft documented a single, relatively minor issue with last month’s patches affecting Windows 11 desktops only: Applications that use Enhanced Video Renderer ( ECR ) with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens. Microsoft partially resolved this problem with its October update. We don’t expect an out-of-bounds fix for this playback issue; a full fix may have to wait until next month. Major revisions and mitigations Microsoft published several revisions to its Azure Entra ID and authentication offering and other Azure tools. However, there appears to be only one revision to a desktop (or server) patch since September:n CVE-2025-50173 : Windows Installer Elevation of Privilege Vulnerability. Microsoft has updated the recommendations for this patch to include using the Multimedia Redirection Installer as well as updating all affected target systems. This revision requires customer action and should be considered for most enterprise deployments. Windows lifecycle and enforcement updates So this is awkward . General support for Windows 10 ended Oct. 14 , with Microsoft advising: “At this point technical assistance, feature updates and security updates are no longer provided. If you have devices running Windows 10, we recommend upgrading them to Windows 11” It is probably now the time to give Windows 11 a try. Soon(ish). Each month, the Readiness crew analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance based on a large app portfolio and an in-depth analysis of the patches and their potential impact on Windows platforms and application deployments. These areas are covered: RDP connectivity and session reliability. Printing and document workflow resilience. Network throughput and proxy behavior validation. UI and GPU rendering stability within Hyper-V environments. Core OS and system validation Readiness recommends that testing teams begin by validating the foundational elements of the Windows platform. Ensuring smooth startup, account management, and policy operations helps catch regressions early and prevents cascading test failures downstream: Test basic boot, login, and Windows Defender Application Control (WDAC) policy enforcement. Validate administrative tasks such as user creation, group management, and policy refresh. Confirm stability during restart, shutdown, and update rollback scenarios. Run targeted tests of BitLocker recovery and drive encryption workflows. As part of this testing effort ,ensure that Windows desktop system-level policies, encryption, and authentication behave as expected before you layer on additional higher‑level functionality testing. Remote Desktop and network connectivity We recommend validating session reliability, reconnection performance, and the behavior of dependent services for hybrid and distributed environments: Perform end-to-end RDP sessions between clients and servers. Copy files between sessions, redirect local printers and USB devices and disconnect and reconnect sessions to verify state persistence. Confirm VPN connectivity using multiple tunneling and authentication methods. Open browsers, connect repeatedly to multiple sites, and transfer large files to validate stability over TCP/IP. Test SMB loopback connections using UNC paths and validate proxy configurations when switching between corporate and guest networks. Validate client-side printing from Remote Desktop Services sessions. Your testing should generate stable connectivity sessions under changing conditions, with stateful RDP and VPN sessions and predictable proxy behavior. Printing and document workflows Testing teams should prioritize both client and server‑side printing services, with an emphasis on high‑concurrency and recovery scenarios such as: Perform multiple (large) print jobs through the Print Workflow Service . Cancel jobs mid-process and observe recovery. Restart the service during active printing to ensure there are no deadlocks or orphaned tasks. Critical core printing functions were updated this month, so crashes and blue-screens could be “ on the menu ” with this update. (Let’s hope not.) Networking and bluetooth interoperability Network stacks and wireless connectivity remain central to mobility testing. Teams should prioritize interoperability, speed, and reconnection behaviors for both wired and wireless scenarios: Conduct file‑transfer tests over IPv6 and measure throughput under variable latency. Perform a Bluetooth file transfer. Exercise packet send/receive flows using browsers, messaging apps, and file uploads. Test Bluetooth pairing and switching between multiple devices. Observe media playback and disconnect/reconnect transitions for smoothness and stability. Verify Nearby Share for varied file sizes and formats. You should be looking for stable file transfers (including Nearby Share and Bluetooth), consistent device switching, and reliable wireless throughput across mixed environments. Storage and file system operations Prioritize validating data integrity and access control through stress testing of file systems and storage pools: Perform NTFS read/write tests including rename, delete, and copy. Execute permission changes using GetSecurityInfo and SetSecurityInfo. Test ReFS deduplication scheduling through PowerShell. Simulate storage expansion with Storage Spaces Direct (S2D) . Look for consistent read/write access and reliable storage virtualization behavior during expansion and scheduled deduplication. Graphics and UI rendering We recommend validating visual consistency and GPU acceleration in both native and virtualized environments: Verify apps using DirectComposition and the DWM API render correctly under theme changes. Change themes and wallpapers while apps run to test live refresh. Confirm GPU-accelerated Hyper-V VM sessions remain stable with display remoting enabled. You want to ensure stable rendering and error‑free theme transitions across both physical and virtual environments. Security and identity validation Testing teams should verify identity handoffs, certificate management, and logging accuracy: Test token-based sign-ins through Microsoft Entra ID and legacy NTLM fallbacks. Verify certificate generation and key management via BCrypt and NCrypt . Confirm proper logging and access-denied events in Windows Event Viewer . Try testing out credential exchanges and cryptographic functions — and ensure that audit events operate consistently across updated builds. Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: Browsers (Microsoft IE and Edge) Windows (both desktop and server) Microsoft Office Microsoft Exchange and SQL Server Microsoft Developer Tools (Visual Studio and .NET) Adobe (if you get this far) Browsers There were no native updates for Microsoft’s browsers this month. The Chromium project has released 14 patches that have been integrated in the latest Edge release . Add these low-profile changes to your standard release calendar. Windows The following product areas have been updated with two critical patches, 101 labeled important, (yes, that’s a lot) and one rated as moderate. Given the reports of public disclosure and exploitation, we’ve highlighted the following vulnerabilities: CVE-2025-24052 and CVE-2025-24990 : To address this Elevation of Privilege vulnerability in Windows desktops, Microsoft is not offering an update, but instead a removal of the ltmdm64.sys driver. The Readiness team recommends an application portfolio assessment, scanning for file and API level dependencies for this driver. Looking for application packages that deal with Faxes would be a good start. CVE-2025-2884 : This update addresses a vulnerability in the CryptHmacSign function. There have been issues reported on this (and similar) out-of-bounds vulnerability(s) since June. However, Microsoft now says this vulnerability has been publicly disclosed. CVE-2025-59230 : Exploits for this vulnerability in Windows Remote Access Connection Manager ( WRACM ) have been published; unless addressed, it could lead to an elevation of privilege scenario on the target systems. Given these four reported zero-days for Windows, add this to your “Patch Now” schedule for October. Microsoft Office Microsoft released three updates (rated as critical) affecting Office as a platform and specifically Microsoft Excel with CVE-2025-59234 , CVE-2025-59236 and CVE-2025-59227 . All three updates address use-after-free memory issues; the remaining 15 patches are rated as important and address information disclosure related vulnerabilities. Add these Office updates to your standard release calendar. Microsoft Exchange and SQL Server Microsoft published a single update for SQL Server this October. This patch ( CVE-2025-59250 ) has been rated important and attempts to resolve an issue with the JDBC integration with Microsoft SQL Server. A server reboot will be required. In addition, Microsoft released three updates to Microsoft Exchange Server ( CVE-2025-53782 , CVE-2025-59249 and CVE-2025-59248 ). Add these SQL Server and Exchange Server changes to your standard server update plan. Developer tools Six updates were published for Microsoft .NET and Visual Studio, all of them rated important. The update to Git ( CVE-2025-54132 ) might appear odd as it relates to a bug in the Mermaid Diagram tool, but it was created on behalf of Git for publishing reasons. Add these updates to your standard patching schedule. Adobe (and third-party updates) Next month, we might see the retirement of this Adobe related section (promises, promises). That said, Microsoft has released seven updates from third-party vendors, including CERT/CC, Mitre and GitHub. It looks like Mitre and AMD are raising these CVE entries on behalf of open source organizations (such as libTiFF ) to facilitate the rapid patches of these commonly used components. It’s a good idea. I hope that we see more of this kind of collaboration.
Washington Post: Four reliable signs it may be time to pull the plug on your new date.
Washington Post: Four reliable signs it may be time to pull the plug on your new date.
Otago Daily Times 
nzherald 
Computerworld NZ 
NZ Herald Lifestyle