Microsoft Fixes Actively Exploited Flaws in Patch Tuesday Release
Microsoft issued fixes for several actively exploited vulnerabilities in its latest patch Tuesday release.
Microsoft has issued fixes for several flaws, including three that have been exploited, as part of its regularly scheduled Patch Tuesday release.
The October 14 release contains fixes for over 170 vulnerabilities, including 16 that are critical severity, and also coincides with the end of support for Windows 10 this month. Additionally, Microsoft fixed three actively exploited vulnerabilities (CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827).
The most severe of these includes an elevation-of-privilege flaw in Windows Agere Modem driver. Microsoft has since removed the driver from supported Windows releases, and said that fax modem hardware that’s dependent on the driver will no longer work on Windows. The flaw (CVE-2025-24990) could enable attackers to gain administrator privileges, and has a CVSS score of 7.8 out of 10.
“Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems,” according to Microsoft in an advisory. “This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.”
All supported Windows versions are impacted by exploitation of the flaw, even if the modem isn’t being actively used; Microsoft said it recommends removing any existing dependencies on the hardware.
Microsoft also fixed an actively exploited bug (CVE-2025-59230) in Windows Remote Access Connection Manager, which enables stable remote network access. The elevation-of-privilege flaw stems from improper access control and could allow an already authorized attacker to elevate privileges locally.
The third exploited vulnerability is a Secure Boot bypass in IGEL OS (before 11), a Linux-based enterprise operating system for endpoints. The flaw (CVE-2025-47827) could allow threat actors to bypass Secure Boot, Microsoft’s security feature that makes sure only trusted software is loaded up during the boot process.
“In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature,” according to Microsoft’s release. “Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.”
Other noteworthy flaws that were fixed include a critical-severity elevation-of-privilege bug in Azure Entra ID (CVE-2025-59246), a critical remote code execution flaw in Windows Graphics Component (CVE-2025-49708), and a critical flaw remote code execution vulnerability in Windows Server Update Service (WSUS) (CVE-2025-59287).
Recent Comments
No comments to show.