On October 15, 2025, Microsoft released security updates addressing 183 vulnerabilities across its product suite. Among these, three zero-day vulnerabilities have been identified as actively exploited in the wild. This update coincides with the official end of support for Windows 10, except for systems enrolled in the Extended Security Updates (ESU) program.
Overview of the Vulnerabilities:
The 183 vulnerabilities are categorized as follows:
– Critical: 17 vulnerabilities
– Important: 165 vulnerabilities
– Moderate: 1 vulnerability
The majority of these flaws pertain to elevation of privilege vulnerabilities (84), followed by remote code execution (33), information disclosure (28), spoofing (14), denial-of-service (11), and security feature bypass (11).
Details of the Actively Exploited Zero-Day Vulnerabilities:
1. CVE-2025-24990: This elevation of privilege vulnerability resides in the Windows Agere Modem Driver (ltmdm64.sys). An attacker exploiting this flaw could execute code with elevated privileges. Notably, this driver is present by default on all Windows systems, regardless of hardware usage. Microsoft plans to remove the driver entirely rather than issuing a patch for this legacy component.
2. CVE-2025-59230: Located in the Windows Remote Access Connection Manager (RasMan), this elevation of privilege vulnerability allows attackers to gain elevated privileges. This marks the first instance of a zero-day exploit in RasMan, a component that has seen over 20 patches since January 2022.
3. CVE-2025-47827: This Secure Boot bypass vulnerability affects IGEL OS versions prior to 11. Exploitation could enable attackers to deploy kernel-level rootkits, compromising the operating system and potentially capturing credentials. Physical access is typically required for this type of attack, making it a concern for scenarios involving direct hardware access.
Implications and Recommendations:
The exploitation of these vulnerabilities underscores the persistent threats targeting Windows systems. Organizations and individuals are urged to:
– Apply Security Updates Promptly: Ensure all systems are updated with the latest patches to mitigate these vulnerabilities.
– Review Legacy Components: Assess and, if necessary, remove outdated drivers and components that may pose security risks.
– Monitor System Activity: Implement monitoring solutions to detect unusual activities that may indicate exploitation attempts.
By taking these proactive measures, users can enhance their security posture against potential threats exploiting these vulnerabilities.
