Microsoft Monthly Security Update (October 2025)

CVE-2025-59230 is being exploited in the wild. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-24990 is being exploited in the wild. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.

Proof of Concept exploit code is publicly available for CVE-2025-24052 . Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.

CVE-2025-59287 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.

CVE-2025-47827 is being exploited in the wild. In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

CVE-2025-33073 is being exploited in the wild. Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

CVE-2025-59230 is being exploited in the wild. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

CVE-2025-24990 is being exploited in the wild. Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.

Proof of Concept exploit code is publicly available for CVE-2025-24052 . Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.

CVE-2025-59287 is being exploited in the wild, and Proof of Concept exploit code has been publicly released. A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution.

CVE-2025-47827 is being exploited in the wild. In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.