Microsoft’s October 2025 Patch Tuesday has introduced a comprehensive update addressing a total of 175 vulnerabilities within its ecosystem. Notably, this rollout includes two zero-day elevation-of-privilege (EoP) flaws that have already been exploited in the wild.
Details of the Zero-Day Vulnerabilities
The first of these vulnerabilities, CVE-2025-24990, pertains to the legacy ltmdm64.sys Agere Modem driver, which Microsoft has now removed from Windows. This flaw allows local attackers to gain administrative privileges through an untrusted pointer dereference. Discovered by Fabian Mosch of r-tec IT Security GmbH, with contributions from MSTIC and an anonymous researcher, this vulnerability highlights the risks associated with outdated components, as the driver remained part of Windows distributions despite being largely obsolete.
The second zero-day, CVE-2025-59230, affects the Remote Access Connection Manager due to improper access control, enabling local privilege escalation to SYSTEM level. Microsoft has confirmed that this vulnerability has been exploited in the wild and credited MSTIC and MSRC for its discovery.
Critical Vulnerabilities Addressed
Among the 175 vulnerabilities patched this month, five have been classified as critical, indicating a significant risk to users:
- CVE-2025-59246 (CVSS 9.8) – A flaw in Azure Entra ID that permits remote code execution without user interaction.
- CVE-2025-55315 (CVSS 9.9) – An ASP.NET Core vulnerability affecting confidentiality and integrity across multi-tenant environments.
- CVE-2025-49708 (CVSS 9.9) – A bug in Microsoft Graphics Component that could potentially enable full system compromise from remote vectors.
- CVE-2025-59287 (CVSS 9.8) – A remote code execution flaw in Windows Server Update Service.
- CVE-2025-59228 (CVSS 8.8) – A SharePoint vulnerability that allows pre-authentication remote code execution.
Usability and Reliability Enhancements
In addition to security improvements, the cumulative update (KB5066835) also addresses various usability and reliability issues. Resolved problems include:
- A hang in print preview for Chromium-based browsers.
- Input detection failures in games and apps when signing in with a gamepad only.
- Timeout issues with PowerShell Remoting and missing audit events.
- Setup failures for Windows Hello using USB IR camera modules.
- Deprecated support for fax modems relying on ltmdm64.sys.
Proactive Notifications for Administrators
Microsoft is also taking steps to inform administrators about the impending expiration of Secure Boot certificates in June 2026. Devices with outdated certificates may experience boot failures, prompting affected users, particularly in enterprise environments, to consult Microsoft’s Secure Boot remediation guidance to prevent disruptions.
Update Installation Instructions
Windows 11 users operating versions 24H2 and 25H2 will receive OS builds 26200.6899 and 26100.6899, respectively. This update incorporates previously released changes from KB5065789, meaning systems with that package installed will only receive incremental updates.
To install the latest Windows update, navigate to Settings > Windows Update, then click ‘Check for updates’ and select ‘Install all’ to initiate the process.
A system restart will be necessary for the security fixes to take effect. Prior to executing the update, it is highly advisable to back up important data to safeguard against potential update failures that could lead to filesystem corruption.
If you found this information valuable, consider following us on X/Twitter and LinkedIn for more exclusive content.
