Microsoft patches three zero-days actively exploited by attackers

Source: Help Net Security

Author: Zeljka Zorz

URL: https://www.helpnetsecurity.com/2025/10/15/microsoft-patch-tuesday-zero-days-cve-2025-24990-cve-2025-59230-cve-2025-47827/

ONE SENTENCE SUMMARY:

Microsoft’s October 2025 Patch Tuesday addressed over 175 vulnerabilities, including three critical zero-day vulnerabilities affecting Windows and IGEL OS.

MAIN POINTS:

  1. Microsoft released fixes for over 175 vulnerabilities, including three zero-days under active attack.
  2. CVE-2025-24990 affects the Agere Modem driver, allowing attackers to gain administrator privileges.
  3. CVE-2025-59230 affects the Windows Remote Access Connection Manager, enabling SYSTEM-level access.
  4. CVE-2025-47827 allows a Secure Boot bypass in IGEL OS, which is used for virtual desktops.
  5. Exploited flaws require urgent updates to prevent privilege escalation and potential system compromise.
  6. WSUS vulnerability CVE-2025-59287 is wormable, posing a risk to critical infrastructure.
  7. CVE-2025-59227 and CVE-2025-59234 can be exploited through Office’s “Preview Pane” for remote code execution.
  8. CVE-2025-55315 in ASP.NET Core could allow attackers to view sensitive information or crash servers.
  9. Windows 10, Office 2016/2019, and Exchange Server 2016/2019 reach end-of-support this month.
  10. Alternative software and updates are recommended for affected Microsoft products reaching end-of-support.

TAKEAWAYS:

  1. Update immediately to address critical zero-day vulnerabilities and protect system integrity.
  2. Monitor and upgrade affected software to avoid security breaches from unsupported products.
  3. Implement alternative solutions for Office and Exchange users as support ends.
  4. Pay attention to WSUS and ASP.NET vulnerabilities that may affect server operations.
  5. Subscribe to cybersecurity alerts to stay informed about the latest threats.