Microsoft’s October 2025 Patch Tuesday rollout addresses 175 vulnerabilities across its ecosystem, including two zero-day elevation-of-privilege (EoP) flaws already exploited in the wild.
The two actively exploited vulnerabilities patched this month are CVE-2025-24990 and CVE-2025-59230. The first affects the legacy ltmdm64.sys Agere Modem driver, which Microsoft has now removed from Windows. Exploiting this flaw allows local attackers to gain administrative privileges via an untrusted pointer dereference. The vulnerability was discovered by Fabian Mosch of r-tec IT Security GmbH, alongside contributions from MSTIC and an anonymous researcher. Although the driver is largely obsolete, it remained part of Windows distributions and was exploitable regardless of whether the modem was in use.
The second zero-day, CVE-2025-59230, impacts the Remote Access Connection Manager and stems from improper access control. It enables local privilege escalation to SYSTEM level. Microsoft confirmed in-the-wild exploitation and credited MSTIC and MSRC with the discovery.
Among the 175 fixes this month, Microsoft also addressed five critical vulnerabilities, indicating significant risk:
CVE-2025-59246 (CVSS 9.8) – A flaw in Azure Entra ID that permits remote code execution without user interaction.
CVE-2025-55315 (CVSS 9.9) – An ASP.NET Core vulnerability affecting confidentiality and integrity across multi-tenant environments.
CVE-2025-49708 (CVSS 9.9) – A bug in Microsoft Graphics Component potentially enabling full system compromise from remote vectors.
CVE-2025-59287 (CVSS 9.8) – An RCE flaw in Windows Server Update Service.
CVE-2025-59228 (CVSS 8.8) – SharePoint vulnerability enabling pre-authentication RCE.
Beyond security, the cumulative update (KB5066835) includes fixes for usability and reliability. Among the resolved issues:
- A hang in print preview for Chromium-based browsers.
- Input detection failure in games and apps after signing in with a gamepad only.
- Timeout issues with PowerShell Remoting and missing audit events.
- Setup failures for Windows Hello using USB IR camera modules.
- Deprecated support for fax modems relying on ltmdm64.sys.
Microsoft is also proactively warning administrators about the upcoming expiration of Secure Boot certificates in June 2026. Devices with outdated certificates may fail to boot securely. Affected users, especially in enterprise environments, are urged to follow Microsoft’s Secure Boot remediation guidance to avoid disruptions.
Windows 11 users running versions 24H2 and 25H2 will receive OS builds 26200.6899 and 26100.6899, respectively. The update integrates previously released changes from KB5065789, so systems with that package installed will only receive incremental updates.
To install the latest Windows update, open Settings > Windows Update, then click ‘Check for updates’ and select ‘Install all’ to begin the process.
A system restart will be required for the security fixes to apply. Before performing the update, it’s strongly recommended to back up your important data to protect it against update failures that could cause filesystem corruption.
Leave a Reply