CONTACT US
Twitter Linkedin Youtube
Patch Review Recommendations

Flexis October 2025 Patch Recommendation

Patches Microsoft released in October 2025

 

  • KB5066835: 2025-10 Cumulative Update for Microsoft server operating system version 24H2 for x64-based Systems
  • KB5066782: 2025-10 Cumulative Update for Microsoft server operating system version21H2 for x64-based Systems
  • KB5066586: 2025-10 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems
  • KB5066584: 2025-10 Servicing Stack Update for Windows Server 2016 for x64-based Systems
  • KB5066836: 2025-10 Cumulative Update for Windows Server 2016 for x64-based Systems

Impacted Products:

Microsoft-Windows

Microsoft Windows

Microsoft-Edge

Microsoft Edge

(HTML-based)

Microsoft-Edge

Microsoft Edge

 (Chromium-based)

Internet-Explorer

Internet Explorer

Microsoft-Office

Microsoft Office and Microsoft Office Services and Web Apps

Windows-Defenser

Windows Defender

Visual-Studio

Visual Studio

6

ASP.NET Core

Untitled design (1)

Chakra Core

Microsoft-Dynamics

Microsoft Dynamics

NET-Framework

.NET Framework

NET-Core

.NET Core

Please note the following information regarding the security updates:

Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 is ended on October 14, 2025. The current version, 22H2, will be the final version of Windows 10. The following editions will remain in support with monthly security update releases through that date:
Home
Pro
Pro Education
Pro for Workstations
Education
Enterprise
Enterprise multi-session

KB5066835: Windows 11 version 25H2, all editions Windows 11 version 24H2, all editions

Link to Microsoft Support

Windows Secure Boot certificate expiration

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance.

Improvements

This security update contains fixes and quality improvements from KB5065789 (released September 29, 2025). The following summary outlines key issues addressed by this update. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.

  • [Browser] Fixed: This update addresses an issue that caused the print preview screen to stop responding in Chromium-based browsers.
  • [Gaming] Fixed: An issue occurred when users signed in to a Windows device using only a Gamepad at the lock screen. If no other input methods—such as touch or fingerprint—were used during sign-in, apps and games did not respond to input afterward.
  • [PowerShell]
    • Fixed: This update addresses an issue that affects PowerShell Remoting and Windows Remote Management (WinRM), where commands might time out after 10 minutes.
    • ​​​​​​​Fixed: This update addresses an issue that prevented an audit event from being logged.
  • [Windows Hello] Fixed: This update addresses an issue that affects the setup process for Windows Hello face recognition when using USB infrared camera modules. Users were unable to complete setup due to a persistent error message, such as “Make sure your face is centered in the frame.” ​​​​​​​
  • [Compatibility] This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.
  • [Cryptography] This update enforces a security hardening improvement by requiring use of Key Storage Provider (KSP) instead of Cryptographic Service Provider {CSP) for RSA-based smart card certificates. If you experience problems with smart card authentication as a result of this design change, see the Windows Release Health site for resolution steps.  For additional details, see CVE-2024-30098.

Known issues in this update

Symptoms

Some Digital TV and Blu-ray/DVD apps might not play protected content as expected after installing the August 29, 2025, Windows non-security preview update (KB5064081), or later updates.

Apps that use Enhanced Video Renderer with HDCP enforcement or Digital Rights Management (DRM) for digital audio might show copyright protection errors, frequent playback interruptions, unexpected stops, or black screens.

Streaming services are not affected. 

 

Workaround:

This issue is partially resolved. Problems affecting certain applications that use Enhanced Video Renderer with HDCP enforcement have been addressed in the September 2025 Windows preview update (KB5065789) and later updates.

 

We recommend installing the latest update for your device. It includes important improvements and fixes, including a resolution for this issue.

However, some apps that use DRM for digital audio might still experience problems.

​​​​​​​We’re investigating a long-term solution for affected apps and will share more information when it’s available.

 

Symptoms

After installing October 2025 security update (KB5066835), USB devices, such as keyboards and mice, do not function in the Windows Recovery Environment (WinRE). This issue prevents navigation of any of the recovery options within WinRE. Note that the USB keyboard and mouse continue to work normally within the Windows operating system.

 

Workaround

This issue is addressed in KB5070773.

KB5066782- Windows Server 2022

Link to Microsoft Support

Windows Secure Boot certificate expiration

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

Improvements

This security update contains fixes and quality improvements from KB5065432 (released September 9, 2025). The following summary outlines key issues addressed by this update. Also, included are available new features. The bold text within the brackets indicates the item or area of the change.

  • [Input]
    • Fixed: An issue where some characters didn’t display correctly when using the Chinese Input Method Editor (IME).
    • Fixed: This update addresses an issue where certain Chinese characters appeared as empty boxes in some text fields, such as those used in Connection Manager Administration Kit, when a character limit was set.
  • [Networking (known issue)] Fixed: This update addresses an issue where you might not be able to connect to shared files and folders if you’re using the Server Message Block (SMB) v1 protocol on NetBIOS over TCP/IP NetBIOS (NetBT). This can happen after installing update KB5065432.
  • [PowerShell] Fixed: This update addresses an issue that affects PowerShell Remoting and Windows Remote Management (WinRM), where commands might time out after 10 minutes.
  • [Stability issue] Fixed: This update addresses an issue observed in rare cases after installing the May 2025 security update and subsequent updates causing devices to experience stability issues. Some devices became unresponsive and stopped responding in specific scenarios.
  • [System services and reliability] Fixed: Addresses an issue that caused McpManagement service to appear without a description on Windows.
  • [Compatibility] This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows
  • [Cryptography] This update enforces a security hardening improvement by requiring use of Key Storage Provider (KSP) instead of Cryptographic Service Provider {CSP) for RSA-based smart card certificates. If you experience problems with smart card authentication as a result of this design change, see the Windows Release Health site for resolution steps.  For additional details, see CVE-2024-30098.

Known issues in this update

Microsoft is not currently aware of any issues with this update.

KB5066586: - Windows 10 Enterprise, version 1809 Windows Server 2019

Link to Microsoft Support

Support for Windows 10 ended on 14th October 2025

After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.

Summary

Applies to: Win 10 Ent LTSC 2019, Win 10 IoT Ent LTSC 2019, and Windows 10 IoT Core LTSC

This security update includes fixes and quality improvements that are part of the following update:

The following is a summary of the issues that this update addresses when you install this update. The bold text within the brackets indicates the item or area of the change we are documenting.

 

​​​[Input and Composition]

  • Fixed: An issue with the Chinese Input Method Editor (IME). Private Unicode characters were shown incorrectly and did not meet GB18030 standard.
  • Fixed: An issue that affects USER32 Edit controls. Surrogate pairs appear as empty boxes when text fields reach their length limit.

[Windows Remote Management (WinRM)]

  • Fixed: An issue that affects PowerShell Remoting and WinRM in which commands time out after 600 seconds.

[Fax modem driver]

  • This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows.

[Cryptography] 

  • This update enforces a security hardening improvement by requiring use of Key Storage Provider (KSP) instead of Cryptographic Service Provider {CSP) for RSA-based smart card certificates. If you experience problems with smart card authentication as a result of this design change, see the Windows Release Health site for resolution steps.  For additional details, see CVE-2024-30098.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

 

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the October 2025 Security Updates.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 10, version 1809, see its update history page.

Known issues in this update

We are currently not aware of any issues with this update.

KB5066584:- Windows 10, version 1607, all editions Windows Server 2016

Link to Microsoft Support

Windows Secure Boot certificate expiration

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

End of support information

Support for Windows 10 has ended on October 14, 2025

After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.​​​​​​​​​​​​​​​​​​​​​

KB5066836:- Windows 10, version 1607, all editions Windows Server 2016, all editions

Link to Microsoft Support

Windows Secure Boot certificate expiration

Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates.

Applies to: Windows 10 IoT Enterprise 2016 LTSB

This security update includes fixes and quality improvements that are part of the following update:

The following is a summary of the issues that this update addresses. The bold text within the brackets indicates the item or area of the change we are documenting.

  • [Windows Remote Management (WinRM)] Fixed: An issue that affects PowerShell Remoting and WinRM in which commands time out after 600 seconds.
  • [Fax modem driver] This update removes the ltmdm64.sys driver. Fax modem hardware dependent on this specific driver will no longer work in Windows
  • [Cryptography] This update enforces a security hardening improvement by requiring use of Key Storage Provider (KSP) instead of Cryptographic Service Provider {CSP) for RSA-based smart card certificates. If you experience problems with smart card authentication as a result of this design change, see the Windows Release Health site for resolution steps.  For additional details, see CVE-2024-30098.

If you installed earlier updates, only the new updates contained in this package will be downloaded and installed on your device.

For more information about security vulnerabilities, please refer to the new Security Update Guide website and the October 2025 Security Updates.

For more information about Windows 10, version 1607, see its update history page.

For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types.

Known issues in this update

Microsoft is not currently aware of any issues with this update.

  • 408-940-3235
  • 2005 De La Cruz Blvd Suite 128, Santa Clara, California, 95050

About us

NOC Services

SOC Services

Help Desk