It’s set to be a busy October for system administrators after Microsoft issued security updates to fix 172 vulnerabilities, including six classed as zero-days.
Three of the zero-day vulnerabilities on this month’s Patch Tuesday list are being actively exploited.
CVE-2025-59230 is a local elevation of privilege (EoP) bug in the Windows Remote Access Connection Manager.
“With no user interaction required, this will go straight into an attacker’s standard toolkit,” warned Rapid7 lead software engineer Adam Barnett.
“There’s very little information in the advisory itself, but somebody out there knows exactly how to exploit this vulnerability.”
CVE-2025-24990 is another EoP vulnerability, this time in the third-party Agere Modem driver (ltmdm64.sys) which ships with Windows. Interestingly, Microsoft has removed the driver rather than patch the flaw.
Ben McCarthy, lead cybersecurity engineer at Immersive, argued that the bug highlights the risks of legacy components.
“This driver, which supports hardware from the late 1990s and early 2000s, predates current secure development practices and has remained largely unchanged for years. Kernel-mode drivers operate with the highest system privileges, making them a prime target for attackers seeking to escalate their access,” he explained.
“Microsoft’s decision to remove the driver entirely, rather than issue a patch, is a direct response to the risks associated with modifying unsupported, third-party legacy code. Attempts to patch such a component can be unreliable, potentially introducing system instability or failing to address the root cause of the vulnerability completely.”
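One check an administrator can run after deploying this month’s update, as an added example that is not from the article or from Microsoft: it reports whether ltmdm64.sys is still on disk or still registered as a kernel-mode driver service. The drivers directory path is an assumption based on the standard Windows layout.

```powershell
# Added example (not from the article): check whether the Agere modem driver
# that Microsoft removed in this month's update is still present on this host.
# Assumption: the driver lives in the standard System32\drivers directory.
$driverFile = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'

function Test-AgereModemDriver {
    $result = [ordered]@{
        FilePresent    = Test-Path -LiteralPath $driverFile
        FileVersion    = $null
        ServiceEntries = @()
    }
    if ($result.FilePresent) {
        # Record the version so the finding can be compared across hosts
        $result.FileVersion = (Get-Item -LiteralPath $driverFile).VersionInfo.FileVersion
    }
    # Any registered driver service whose image path points at the removed file,
    # whether it is currently running or merely still registered
    $result.ServiceEntries = @(
        Get-CimInstance -ClassName Win32_SystemDriver |
            Where-Object { $_.PathName -and $_.PathName -match 'ltmdm64\.sys' } |
            Select-Object Name, State, StartMode, PathName
    )
    [pscustomobject]$result
}

$status = Test-AgereModemDriver
if ($status.FilePresent -or $status.ServiceEntries.Count -gt 0) {
    Write-Warning "ltmdm64.sys still present: file=$($status.FilePresent), version=$($status.FileVersion)"
    $status.ServiceEntries | Format-Table -AutoSize
} else {
    Write-Output 'ltmdm64.sys not found on disk and no driver service references it.'
}
```

A service entry that survives with the file gone is a stale registration to clean up; a file that is still present means the removal has not taken effect on that host.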
The third zero-day actively being exploited in the wild is CVE-2025-47827: a secure boot bypass bug that affects IGEL OS, a third-party OS designed to provide virtual desktop infrastructure.
Kev Breen, senior director of threat research at Immersive, claimed a proof of concept has been available for this vulnerability since May, making exploitation trivial.
“The impacts of a secure boot bypass can be significant, as threat actors can deploy a kernel-level rootkit, gaining access to the IGEL OS itself and, by extension, then tamper with the virtual desktops, including capturing credentials,” he added.
“It should be noted that this isn’t a remote attack, and physical access is typically required to exploit this type of vulnerability, meaning that ‘evil-maid’ style attacks are the most likely vector affecting employees who travel frequently.”
Three Publicly Disclosed Zero-Days
The three remaining zero-days have been publicly disclosed but so far not exploited. They are:
- CVE-2025-0033: a critical vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP), for which there is not yet a patch
- CVE-2025-24052: an EoP bug in the Agere Modem driver similar to CVE-2025-24990
- CVE-2025-2884: an out-of-bounds read vulnerability in TCG TPM2.0 that could result in information disclosure or denial of service
This is the last Patch Tuesday in which Windows 10 users will receive free updates. To continue receiving patches, consumers and business customers will need to pay for Microsoft’s Extended Security Updates (ESU) scheme.