Microsoft Patches 172 Flaws Including 3 Zero-Days

Microsoft patched 172 security flaws in its October 2025 Patch Tuesday update, the highest monthly total so far this year. The rollout includes fixes for eight critical vulnerabilities, two publicly disclosed issues, and three zero-day exploits. Microsoft patches 172 flaws across its product suite, underscoring the growing complexity of enterprise security risks.

Among the addressed vulnerabilities are CVE-2025-59292, CVE-2025-59291, and CVE-2025-59287, which were actively exploited or publicly known before the update. These flaws affect core Microsoft services and pose significant risks if left unpatched. Microsoft patches 172 flaws as part of this sweeping release, aiming to reduce exposure across Windows, Office, and server platforms.

Security teams are urged to prioritize the most severe vulnerabilities to minimize the attack surface. The list also includes legacy issues like CVE-2016-9535 and newly identified threats such as CVE-2025-61882.

For a complete breakdown of this month’s vulnerabilities, visit the official report below.
https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-october-2025/