Microsoft Patch Tuesday for October 2025

Source: CyberScoop

In October 2025, Microsoft released a security update that fixed 175 vulnerabilities, the largest batch revealed this year. Two of them are zero-day vulnerabilities: CVE-2025-24990 and CVE-2025-59230, both rated 7.8 on the CVSS scale. CVE-2025-24990 affects all supported Windows versions and can allow attackers to gain administrator privileges even when the associated hardware is not in use. CVE-2025-59230 allows authorized attackers to elevate privileges within the system.

Microsoft removed the affected Agere modem driver to protect users, meaning that certain fax modem hardware will no longer function on Windows. The scope of these vulnerabilities underlines a serious security risk, especially as they have been added to the Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities. Other significant vulnerabilities disclosed include CVE-2025-55315 and CVE-2025-49708, both rated 9.9; they are considered less likely to be exploited but still pose high risks. Users and organizations should apply the updates provided by Microsoft promptly to keep their systems secure.
