Full Report
The tech giant addressed a record-high number of defects for the year in its latest update. The post Microsoft’s Patch Tuesday fixes 175 vulnerabilities, including two actively exploited zero-days appeared first on CyberScoop.
Analysis Summary
# Vulnerability: Microsoft October 2025 Patch Day Summary
## CVE Details
- CVE ID: CVE-2025-24990, CVE-2025-59230 (Zero-Days), CVE-2025-55315, CVE-2025-49708, CVE-2025-59246, CVE-2025-59287 (and 170 others)
- CVSS Score: 7.8 (High, for the two zero-days); 9.9 (Critical, for two high-severity flaws)
- CWE: Not explicitly listed for all, but implied Information Disclosure/Improper Access Control.
## Affected Systems
- Products: Windows operating systems (all supported versions), Agere Windows Modem Driver, Windows Remote Access Connection Manager, ASP.NET Core, Microsoft Graphics Component, Azure Entra ID, Windows Server Update Services (WSUS).
- Versions: All supported versions of Windows (specific versions require checking MSRC).
- Configurations: CVE-2025-24990 can affect systems even if the modem is not actively being used. CVE-2025-59230 requires local access by an authorized user for privilege escalation.
## Vulnerability Description
Microsoft addressed a total of 175 vulnerabilities. Highlights include two actively exploited zero-days:
1. **CVE-2025-24990 (Agere Windows Modem Driver):** An improper access control vulnerability that can allow an attacker to achieve **administrator privileges** via the third-party Agere Modem driver. This driver is being removed in the October update.
2. **CVE-2025-59230 (Windows Remote Access Connection Manager):** An improper access control vulnerability allowing an **authorized attacker to elevate privileges locally to gain system privileges**. This component is frequently patched.
Other severe vulnerabilities include CVE-2025-55315 (ASP.NET Core) and CVE-2025-49708 (Microsoft Graphics Component), both rated 9.9 CVSS. Microsoft flagged 14 defects as more likely to be exploited, including critical flaws in Azure Entra ID (CVE-2025-59246) and WSUS (CVE-2025-59287), which are rated 9.8 CVSS. Exploitation status for CVE-2025-55315 and CVE-2025-49708 is listed as less likely.
## Exploitation
- Status: **Actively exploited in the wild** for CVE-2025-24990 and CVE-2025-59230 (CISA has added both to its KEV catalog). Exploitation statuses for the other flaws are not widely detailed, but 14 were flagged as more likely to be exploited.
- Complexity: Generally low for privilege escalation vulnerabilities that are actively exploited (CVE-2025-24990 allows admin rights). Complexity for 9.9 CVSS flaws is not explicitly stated but they demand immediate attention.
- Attack Vector: Varies (network or local, depending on the flaw). CVE-2025-24990 can affect systems even when the modem is not in use; CVE-2025-59230 requires local access.
## Impact
- Confidentiality: High (due to administrator/system privilege escalation possible via zero-days).
- Integrity: High (due to administrator/system privilege escalation possible via zero-days).
- Availability: Impact depends on the specific vulnerability; general impact is expected to be high for critical fixes.
## Remediation
### Patches
- Specific patch details are available via Microsoft’s Security Response Center release note for October 2025.
- **Key action:** Install the October 2025 security update.
### Workarounds
- **For CVE-2025-24990:** Microsoft has removed the third-party Agere Modem driver in the October update. **Note:** Fax modem hardware relying on this driver will no longer function on Windows post-patching.
## Detection
- Detection methods would involve monitoring system logs for anomalous privilege escalation attempts, particularly revolving around modem/remote access services, immediately prior to or following the patch deployment.
- **Indicator:** Systems reporting unexpected privilege elevation to SYSTEM or Administrator context.
- **Tools:** CISA's KEV catalog inclusion suggests integration with EDR/Vulnerability management platforms flagging systems missing the specific October 2025 updates.
## References
- Vendor Advisories: [Microsoft’s Security Response Center October 2025 Release Notes](https://msrc.microsoft.com/update-guide/releaseNote/2025-Oct)
- Relevant Links: Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities Catalog