Microsoft Fixed 172 Vulnerabilities, Including 6 Critical Zero-Day Threats (October 2025)

2025-10-15 by Chemtable Software

As part of the monthly "Patch Tuesday" release on October 14, 2025, Microsoft shipped fixes for 172 security issues, six of which it classifies as "zero-day" vulnerabilities.

Among the fixed issues, 8 vulnerabilities rated "Critical" deserve particular attention: five of them allow remote code execution, and the other three lead to privilege escalation.

Distribution of the fixed vulnerabilities by category:

  • 80 privilege escalation vulnerabilities
  • 11 security feature bypasses
  • 31 remote code execution vulnerabilities
  • 28 information disclosure vulnerabilities
  • 11 denial of service vulnerabilities
  • 10 spoofing vulnerabilities

Note that these figures do not include vulnerabilities in Azure, Mariner, Microsoft Edge, and other Microsoft products that were patched earlier in the month.

This "Update Tuesday" is of particular significance for Windows 10 users: the operating system has officially reached the end of support, and this is the last time Microsoft releases free security updates for it.

To keep receiving security updates, home users can enroll in the Extended Security Updates (ESU) program for one year, and organizations can purchase it for up to three years.

Six “Zero-Day” Vulnerabilities Fixed

The October “Update Tuesday” fixed six vulnerabilities classified as “zero-day.”

According to Microsoft’s classification, a vulnerability belongs to this category if information about it became publicly available or it was already being actively exploited by attackers before the official fix was released.

Three vulnerabilities that were already being exploited by attackers:

CVE-2025-24990 — Privilege Escalation Vulnerability in Agere Modem Driver for Windows

Rather than patch it, Microsoft removed the Agere modem driver outright; attackers were using it to gain administrator privileges on the system.

The official security bulletin states:

Microsoft is aware of vulnerabilities in the third-party Agere Modem driver that ships with supported versions of Windows.

This message is a notification of the upcoming removal of the ltmdm64.sys driver. This driver has already been removed in the October cumulative update.

The corporation warns that after the driver removal, the associated fax modem hardware will cease to function.
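The following check is an added example written for this article, not Microsoft's code, for confirming on an endpoint that the driver is actually gone. It looks for the file on disk, for any driver service that still points at it, and for updates installed on or after the release date the article gives (that date is the only assumption beyond what the page states; no KB numbers are assumed).

```powershell
# Added example: verify removal of the Agere modem driver (ltmdm64.sys) after the
# October 2025 cumulative update. Run from an elevated PowerShell prompt.
$driverFile = Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys'

if (Test-Path -LiteralPath $driverFile) {
    $file = Get-Item -LiteralPath $driverFile
    $sig  = Get-AuthenticodeSignature -FilePath $driverFile
    Write-Warning ("ltmdm64.sys is still present: version {0}, signer '{1}', signature status {2}" -f
        $file.VersionInfo.FileVersion, $sig.SignerCertificate.Subject, $sig.Status)
} else {
    Write-Output 'ltmdm64.sys is not present on disk.'
}

# A driver service entry can outlive the file; it will fail to start, but its
# presence shows the update has not been applied or something restored the driver.
$svc = Get-CimInstance -ClassName Win32_SystemDriver |
       Where-Object { $_.PathName -match 'ltmdm64\.sys' }
if ($svc) {
    $svc | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
} else {
    Write-Output 'No driver service references ltmdm64.sys.'
}

# Updates installed on or after the Patch Tuesday date given in the article
# (assumed here as the cut-off; adjust if the update was staged later).
$patchTuesday = [datetime]'2025-10-14'
Get-HotFix |
    Where-Object { $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```

If the file is still present after the cumulative update has been installed, look for a vendor modem package that reinstalled it; since the driver is what attackers load, a reinstalled copy reopens the hole regardless of whether a modem is attached.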

CVE-2025-59230 — Privilege Escalation Vulnerability in Windows Remote Access Connection Manager

Microsoft fixed an issue in the Windows Remote Access Connection Manager component that attackers were already using to gain SYSTEM privileges.

The company explained:

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to escalate their privileges locally.

It is noted that successfully exploiting this vulnerability requires significant effort from the attacker during the preparation and execution stages of the attack.

CVE-2025-47827 — Secure Boot Bypass in IGEL OS prior to version 11

The updates also address a vulnerability that allows the Secure Boot mechanism to be bypassed in the IGEL OS operating system.

The company reports:

In IGEL OS prior to version 11, the Secure Boot mechanism can be bypassed because the igel-flash-driver module improperly validates the cryptographic signature. As a result, an attacker can mount a fake root file system from an untrusted SquashFS image.

The CVE was assigned by MITRE on behalf of IGEL. The Windows updates documented in this release include fixes that address this vulnerability. An IGEL OS bug matters to Windows machines because IGEL's boot chain is signed by the Microsoft UEFI certificate authority: the same signed components can be booted on any system that trusts that CA, so a flaw that lets them load an untrusted root file system is a Secure Boot bypass on those systems too.
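The following is an added example, not code from Microsoft, IGEL, or this article: run from an elevated PowerShell prompt on a UEFI system, it confirms that Secure Boot is enforced and counts the entries in the UEFI DBX (forbidden-signatures) variable, the mechanism Windows uses to revoke vulnerable signed boot components. That this particular fix is delivered through DBX is an assumption; the page only says Windows updates address the CVE, so the count serves as a before/after comparison rather than a check for a specific hash.

```powershell
# Added example: Secure Boot state and DBX entry count. Requires UEFI firmware and an
# elevated prompt; Get-SecureBootUEFI and Confirm-SecureBootUEFI throw on legacy BIOS.
function Get-DbxEntryCount {
    [byte[]]$bytes = (Get-SecureBootUEFI -Name dbx).Bytes
    # EFI_CERT_SHA256_GUID: each entry is a 16-byte owner GUID plus a 32-byte SHA-256.
    $sha256Type = [guid]'c1c41626-504c-4092-aca9-41f936934328'
    $result = [ordered]@{ Lists = 0; Sha256Hashes = 0; OtherEntries = 0 }
    $offset = 0
    # The variable is a sequence of EFI_SIGNATURE_LIST structures:
    #   GUID SignatureType (16) | UINT32 SignatureListSize | UINT32 SignatureHeaderSize |
    #   UINT32 SignatureSize | SignatureHeader | N signatures of SignatureSize bytes each
    while ($offset + 28 -le $bytes.Length) {
        $type       = [guid]::new([byte[]]$bytes[$offset..($offset + 15)])
        $listSize   = [BitConverter]::ToUInt32($bytes, $offset + 16)
        $headerSize = [BitConverter]::ToUInt32($bytes, $offset + 20)
        $sigSize    = [BitConverter]::ToUInt32($bytes, $offset + 24)
        if ($listSize -lt 28 -or $sigSize -eq 0 -or
            $headerSize -gt ($listSize - 28) -or
            $offset + $listSize -gt $bytes.Length) {
            throw "Malformed EFI_SIGNATURE_LIST at offset $offset"
        }
        $n = [int][math]::Floor(($listSize - 28 - $headerSize) / $sigSize)
        if ($type -eq $sha256Type) {
            $result['Sha256Hashes'] += $n
        } else {
            $result['OtherEntries'] += $n
        }
        $result['Lists'] += 1
        $offset += $listSize
    }
    return [pscustomobject]$result
}

if (Confirm-SecureBootUEFI) {
    Write-Output 'Secure Boot: enabled'
} else {
    Write-Warning 'Secure Boot is disabled; DBX revocations are not enforced on this machine.'
}
Get-DbxEntryCount
```

Record the counts before and after installing the update; a DBX that grows tells you revocations were applied, while an unchanged DBX on a machine with Secure Boot disabled means the bypass is irrelevant only because Secure Boot itself is off, which is the larger problem.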

Three vulnerabilities, information about which became publicly available:

CVE-2025-0033 — RMP Corruption During SNP Initialization in AMD Processors

Microsoft is rolling out mitigations for a vulnerability in AMD EPYC processors that can affect the integrity of guest memory.

The company clarifies:

CVE-2025-0033 is a vulnerability in AMD EPYC processors using Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. It is related to a race condition during the initialization of the Reverse Map Table (RMP), which allows a malicious or compromised hypervisor to modify RMP entries before they are locked. This can affect the memory integrity of SEV-SNP guest systems.

However, the vulnerability does not disclose data or secrets in plaintext and requires privileged hypervisor access for exploitation.

It is emphasized that Azure Confidential Computing products implement a multi-layered protection system against such attacks, including isolation, integrity verification, continuous monitoring, and strictly controlled administrative access. These measures significantly reduce the risk of host compromise or unauthorized memory modification, ensuring the confidentiality and integrity of customer workloads in Azure.

Microsoft states that security updates for AMD-based Azure Confidential Computing clusters are being rolled out, and that customers will be notified when the fixes are available via Azure Service Health Alerts.

CVE-2025-24052 — Privilege Escalation Vulnerability in Agere Modem Driver for Windows

This vulnerability is in the same Agere driver as CVE-2025-24990 described above and is addressed by the same removal of ltmdm64.sys; unlike CVE-2025-24990, Microsoft lists it as publicly disclosed rather than exploited.

Microsoft emphasizes that the issue affects all supported versions of Windows, and successful attack does not require active use of the modem:

All supported versions of Windows may be susceptible to a successful attack using this vulnerability, even if the modem is not actively used.

CVE-2025-2884 — Out-of-Bounds Read Vulnerability in TCG TPM 2.0 Reference Implementation

The company fixed a vulnerability in the TCG TPM 2.0 reference implementation that could lead to information disclosure or TPM module failure.

The security bulletin reports:

CVE-2025-2884 is related to a vulnerability in the CryptHmacSign function of the TCG TPM 2.0 reference implementation. The error occurs due to the lack of validation of the signature scheme matching the signature key algorithm, making the function vulnerable to reading data outside the allowed memory bounds.

The CVE was assigned by CERT/CC on behalf of TCG. The Windows updates include an updated TCG TPM 2.0 reference implementation that addresses this vulnerability.

Based on materials from Comss
