Close Menu
Cybercrime and Ransomware

Microsoft Patches 175 Vulnerabilities, Including Two Zero-Days Under Active Exploitation

Staff WriterBy No Comments4 Mins Read1 Views

Essential Insights

  1. Microsoft disclosed 175 vulnerabilities in its core products, including two actively exploited zero-days with a CVSS of 7.8, affecting system privilege levels.
  2. The zero-day CVE-2025-24990 impacts the Agere Windows Modem Driver, allowing attackers to gain admin rights; it has been removed in the October update.
  3. CVE-2025-59230 affects Windows Remote Access Connection Manager, enabling privilege escalation for authorized attackers; this is the first zero-day exploit observed in the wild for this service.
  4. The update also covers high-severity flaws, including CVEs with CVSS scores up to 9.9, impacting Azure Entra ID and Windows Server Update Service, highlighting ongoing critical security risks.

The Issue

In its latest security update, Microsoft revealed it had fixed 175 vulnerabilities across its core products, including two zero-day threats actively exploited in the wild—CVE-2025-24990 targeting the Agere Windows Modem Driver and CVE-2025-59230 affecting the Windows Remote Access Connection Manager. These bugs, rated with a severity score of 7.8, allowed attackers to gain administrative privileges and escalate their access from local systems, posing a significant risk to users of Windows operating systems, regardless of whether they used the affected hardware. Microsoft responded by removing the outdated modem driver in the October patch, disabling related fax modem hardware, and issuing patches to close these security gaps. Experts noted that while some vulnerabilities, like those affecting ASP.NET core and Microsoft Graphics, are less likely to be exploited, others—such as those impacting Azure Entra ID and Windows Server Update Service—pose higher risks. This comprehensive update underscores the ongoing threat landscape and the importance of timely patching, with cybersecurity authorities like the Cybersecurity and Infrastructure Security Agency (CISA) confirming the active exploitation of these zero-day flaws.

Critical Concerns

Microsoft’s recent security update uncovered 175 vulnerabilities in its core products, including two zero-day exploits rated at 7.8 CVSS—CVEs affecting the Agere Windows Modem Driver and the Windows Remote Access Connection Manager—both now exploited in the wild. These flaws pose significant risks: attackers exploiting CVE-2025-24990 can escalate to administrator privileges across all supported Windows versions, while CVE-2025-59230 allows privilege escalation via remote access. Notably, the modem driver has been removed, disabling associated hardware, yet the remote connection vulnerability—widely vulnerable and frequently targeted—remains a concern. The update also addresses other critical flaws with CVSS ratings of 9.9 and 9.8, some linked to popular services like Azure Entra ID and Windows Server Update Service, potentially enabling privilege escalation or remote attacks. With Microsoft disclosing a surge of critical and high-severity flaws—totaling five critical and 121 high-severity—the threat landscape underscores an urgent need for timely patching and vigilant cybersecurity practices to mitigate the severe impact of exploited vulnerabilities across enterprise and individual systems.

Fix & Mitigation

Timely remediation of vulnerabilities like the 175 bugs patched by Microsoft’s Patch Tuesday is crucial for maintaining digital security. Failing to address these flaws promptly can leave systems exposed to cyberattacks, especially with the presence of actively exploited zero-day threats, potentially leading to data breaches, financial loss, and disruption of operations.

Mitigation Strategies

  • Apply Patches Quickly: Deploy the latest updates immediately to close known security gaps.
  • Restrict Access: Limit administrative privileges and access to critical systems to reduce attack surfaces.
  • Increase Monitoring: Enhance network and system monitoring to detect unusual activity indicative of exploitation.
  • Backup Data: Regularly back up important data to enable recovery if a breach occurs.
  • User Training: Educate employees on security best practices and recognizing phishing attempts related to vulnerabilities.
  • Disable Vulnerable Features: Turn off or disable services or features known to be exploited until patches are applied.
  • Segment Networks: Implement network segmentation to contain potential breaches and prevent lateral movement.
  • Conduct Vulnerability Assessments: Regularly scan and assess for unpatched systems or new vulnerabilities.
  • Develop Response Plans: Establish and test incident response plans to ensure swift action if exploitation occurs.

Advance Your Cyber Knowledge

Discover cutting-edge developments in Emerging Tech and industry Insights.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.