Microsoft Patches 6 Zero-Day Exploits in Critical October Update

Microsoft’s October 2025 Patch Tuesday delivers critical security updates addressing 172 vulnerabilities, including six actively exploited zero-day flaws that demand immediate attention from system administrators. This substantial release contains eight “Critical” rated vulnerabilities, five enabling remote code execution and three allowing privilege escalation. The breakdown reveals 80 elevation of privilege vulnerabilities, 31 remote code execution flaws, 28 information disclosure issues, 11 security feature bypasses, 11 denial of service weaknesses, and 10 spoofing vulnerabilities. These figures exclusively cover updates released today and don’t include earlier fixes for Azure, Mariner, or Microsoft Edge.

Windows 10 reaches its official end of support with this update cycle, marking the final free security update for the longstanding operating system. Organizations and individual users must now enroll in Extended Security Updates (ESU) programs to maintain protection, consumers can purchase one year of coverage while enterprises qualify for three years of extended support.

Among the six zero-day vulnerabilities, three were actively exploited in the wild while two were publicly disclosed before patches became available. The exploited flaws include CVE-2025-24990 in the Windows Agere Modem Driver, which attackers leveraged to gain administrative privileges. Microsoft is completely removing the vulnerable ltmdm64.sys driver, though this will disable associated Fax modem hardware. Researchers Fabian Mosch and Jordan Jay discovered this vulnerability.

CVE-2025-59230 in Windows Remote Access Connection Manager allowed local privilege escalation to SYSTEM level access. Microsoft notes attackers needed “measurable effort in preparation or execution” to successfully exploit this flaw, which was identified internally by Microsoft’s Threat Intelligence Center and Security Response Center.

The third exploited zero-day, CVE-2025-47827, involves a Secure Boot bypass in IGEL OS that could allow mounting unverified filesystems. Microsoft incorporated fixes for this vulnerability discovered by Zack Didcott and publicly documented on GitHub.

The publicly disclosed vulnerabilities include CVE-2025-0033 affecting AMD EPYC processors using Secure Encrypted Virtualization technology. This race condition during memory initialization could let compromised hypervisors modify memory entries, though Microsoft emphasizes Azure’s multiple security guardrails reduce exploitation risk. ETH Zurich researchers Benedict Schlueter, Supraja Sridhara, and Shweta Shinde discovered this flaw.

CVE-2025-24052 represents another Agere Modem Driver privilege escalation similar to CVE-2025-24990, affecting all Windows versions regardless of whether the modem is actively used. The final zero-day, CVE-2025-2884, concerns a Trusted Platform Module (TPM) vulnerability that could cause information disclosure or denial of service through out-of-bounds reads.

Beyond Microsoft’s updates, other vendors including AMD, Redis, and various open-source projects released security advisories this month. The comprehensive Patch Tuesday coverage extends across Microsoft’s entire ecosystem, from Windows components and Office applications to Azure services, development tools, and gaming platforms.

System administrators should prioritize deploying these updates, particularly focusing on the critical-rated vulnerabilities and zero-day fixes. The complete vulnerability list with detailed descriptions and affected systems is available through Microsoft’s Security Update Guide. Regular patch deployment remains essential for maintaining organizational security posture against evolving threats.

(Source: Bleeping Computer)