As part of October’s Patch Tuesday, Microsoft released fixes for 173 vulnerabilities across its products, including six 0-days and two vulnerabilities that were already under active attack.
This month, two previously publicly disclosed zero-day vulnerabilities in Windows SMB Server and Microsoft SQL Server were fixed, along with three bugs that are already under active attack.
Recall that Microsoft classifies vulnerabilities as zero-day if information about them was publicly disclosed before patches were released, or if the issue was already being actively exploited in real-world attacks. Let’s talk about the latter category—that is, bugs that hackers are already exploiting.
CVE-2025-24990: a privilege escalation vulnerability in the Agere modem driver for Windows. Microsoft removed the Agere modem driver (ltmdm64.sys), which attackers had been using to obtain administrator privileges. In addition, the vulnerability appears to have been publicly disclosed before patches were released.
The company warns that removing the driver will cause the associated hardware to stop working. In addition, the vulnerability affects all versions of Windows, and exploiting it does not require a modem at all.
CVE-2025-59230: an elevation-of-privilege vulnerability in the Remote Access Connection Manager that was exploited by attackers to obtain SYSTEM-level privileges.
“Improper access control in Windows Remote Access Connection Manager allowed an authenticated attacker to elevate privileges locally,” Microsoft explains.
CVE-2025-47827: Secure Boot bypass in IGEL OS prior to version 11.
“In IGEL OS prior to version 11, it was possible to bypass Secure Boot because the igel-flash-driver module did not correctly validate the cryptographic signature. As a result, a specially crafted root filesystem could be mounted from an unverified SquashFS image,” the researchers explain. “The documented Windows updates include updates for IGEL OS that address this vulnerability. More details in Security Update Guide Supports CVEs Assigned by Industry Partners.”
The vulnerability was reportedly discovered and publicly described in a GitHub write-up by security researcher Zack Didcott.
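For the Agere driver removal described under CVE-2025-24990 above, the following PowerShell check reports whether ltmdm64.sys is still present on a host, either as a file or as a registered driver service. This is an added example, not code from Microsoft or the original article; the two driver directories are the standard Windows locations and are assumed here, and the function name Get-AgereDriverFinding is hypothetical.

```powershell
# Added example: inventory for the Agere modem driver named in the article.
# Assumption: the standard Windows driver locations below; adjust for custom images.
$DriverFile = 'ltmdm64.sys'   # file name taken from the article

function Get-AgereDriverFinding {   # hypothetical helper name
    [CmdletBinding()]
    param([string]$FileName = $DriverFile)

    $findings = @()

    # 1. Driver binaries on disk: the live drivers directory and staged
    #    copies in the driver store.
    $roots = @(
        (Join-Path $env:SystemRoot 'System32\drivers'),
        (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository')
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Source = 'File'
                    Path   = $_.FullName
                    Detail = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }

    # 2. Registered kernel driver services whose image path points at the file,
    #    running or not (the article notes that no modem is needed).
    Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -like "*$FileName" } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Source = 'Service'
                Path   = $_.PathName
                Detail = "Name=$($_.Name); State=$($_.State); StartMode=$($_.StartMode)"
            }
        }

    return $findings
}

$result = Get-AgereDriverFinding
if ($result) {
    $result | Format-Table -AutoSize -Wrap
    Write-Warning "$DriverFile is still present; confirm the October update is installed."
} else {
    Write-Output "$DriverFile not found in the checked locations."
}
```

Run it from an elevated prompt so the driver store can be read in full.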
It’s worth noting separately that as of October 14, 2025, support for Windows 10 has ended, and this is the last Patch Tuesday for which Microsoft will release free security updates for this OS.
To continue receiving patches for Windows 10, regular users can subscribe to a one-year Extended Security Updates (ESU) plan, while enterprise customers can subscribe for three years. We covered this and other ways to extend the life of Windows 10 in a separate article.