Yesterday was the second Tuesday of the month, Microsoft Patch Tuesday. The day the cyber security world thinks about Microsoft patches and vulnerabilities. But remember other vendors also release cyber security and functionality updates and patches on or around the same time – check those as well.
Our support team has been busy reviewing our client monitoring reports and the SOC to check that the Microsoft Patch Tuesday updates have been completed. Our team will also keep an eye on the reports for the next few days to check there are no issues, stagglers or absconders! It is always a busy time for us and should be for you or your IT or Cyber Security Support as well.
Here is Microsoft’s detailed page on Patch Tuesday for October 2025:
October 2025 Security Updates – Release Notes – Security Update Guide – Microsoft
Cyber security highlights
Microsoft’s Patch Tuesday update has fixed 172 vulnerabilities of which 8 are considered critical. Among these critical flaws are 6 zero-day flaws.
Here is a comprehensive article on SANS Internet Storm looking at this month’s updates – although the numbers vary because of the way Johannes Ullrich is now listing the updates:
Microsoft Patch Tuesday October 2025 – SANS ISC
Not sure what a zero-day vulnerability is? Have a look at this article which explains the zero-day risk to your organisation:
What are zero-day vulnerabilities
Ok, so you do not use Windows – you are a Mac person and proud of it, Patch Tuesday has no impact on you. But what happens when your supplier or best client skips the Patch Tuesday updates? These updates are important for everyone! Even more so this month as updates for Microsoft Office are on the way to fix critical errors mentioned above.
Your Takeaway from Microsoft Patch Tuesday.
As always the days around Patch Tuesday are busy for our team as they check the reports from the SOC and RMM to ensure the clients we look after, that everyone in their organisations has updated their systems. If you do not have that kind of support then get these updates done yourself and check that the auto-updating has auto-updated.
Windows 10 is done
Yesterday’s Patch Tuesday was the last time you could count on Windows 10 updates to be included – Microsoft has ended support for the operating system.
Final Windows 10 Patch Tuesday update rolls out as support ends – BleepingComputer
YOU HAVE BEEN WARNED!
Why is Microsoft’s Patch Tuesday Important?
Last year a high-profile hack of the UK’s Electoral Commission, was partly attributed to a failure to apply updates and patches to their systems:
Just when you thought the election was behind us!
Patching and updates are an important step in every cyber security plan – you and you team must get them done – read about that here:
How Microsoft Patch Tuesday can help your cyber security planning
and here:
Don’t Skip That Restart | Octagon Technology
If you’d like our team to check that the updates are being done, have a look here.
Clive Catton MSc (Cyber Security) – by-line and other articles
Further Reading
Summer Cyber Security Webinars
The first summer webinar has happened – you have missed the live event but I have recorded it. It is not too late to sign up for the rest of the series and then you can get access to the recording of the episodes you missed.
