Microsoft's Big Patch Tuesday: Five Critical RCE Vulnerabilities Fixed
Microsoft has released nine security bulletins for this month's Patch Tuesday, five of which address critical Remote Code Execution (RCE) vulnerabilities. The updates cover various Microsoft 365 products, including Internet Explorer, Windows, .NET, and Office. Oracle is also set to release updates for its Enterprise Performance Management software and introduce new AI agents in its Fusion Cloud applications.
The most pressing issues involve RCE vulnerabilities, which allow attackers to remotely execute code on targeted systems. Bulletin #1 addresses the first RCE vulnerability in Internet Explorer, affecting all currently supported versions on all operating systems, including Windows RT. Bulletins #2 and #3, rated critical, tackle RCE issues in .NET and the Windows operating system, respectively.
Bulletin #5 is the last RCE-style vulnerability, rated important, and likely requires user interaction to be exploited. Oracle is expected to address a similar vulnerability in its Enterprise Performance Management software with an upcoming October 2025 update. Additionally, Oracle has introduced new role-based AI agents embedded in its Oracle Fusion Cloud Applications as of early October 2025.
Bulletins #4, #7, #8, and #9 are local vulnerabilities in Windows, Office, and Microsoft 365 developer's tools. An update for Flash from Adobe is also expected. Oracle will publish its quarterly update next week, addressing many software components of a typical enterprise.
With five RCE vulnerabilities addressed, this month's Patch Tuesday is focused on urgent security concerns. Both Microsoft 365 and Oracle have updates planned to mitigate these issues, with Microsoft releasing nine bulletins and Oracle set to update its Enterprise Performance Management software and introduce new AI agents in its Fusion Cloud applications. Users and administrators are advised to apply these updates promptly to protect their systems from potential security threats.
