Microsoft’s October 2025 security update addresses a massive 183 security vulnerabilities across its products. Of these, 17 are rated Critical, while 165 are considered Important, and one is Moderate. A significant majority of these flaws are elevation of privilege vulnerabilities, which allow a low-level user to gain administrative access. The update also includes fixes for 33 remote code execution bugs and other issues like information disclosure and denial-of-service. This release coincides with Microsoft officially ending free support for Windows 10, pushing users toward the Extended Security Updates (ESU) program for continued protection.
Among the vulnerabilities addressed, two were actively exploited zero-days in Windows. Both flaws, CVE-2025-24990 and CVE-2025-59230, are elevation of privilege vulnerabilities that could allow attackers to execute code with elevated permissions. The first flaw is tied to a legacy Agere Modem driver, which is surprisingly installed on all Windows systems, even if the hardware isn’t present. Due to this, Microsoft plans to remove the driver entirely rather than patch it. The second zero-day is the first known exploit in the Windows Remote Access Connection Manager (RasMan), a component that has been patched more than 20 times since early 2022.
The third vulnerability under active exploitation is a Secure Boot bypass in IGEL OS, a system used to manage virtual desktops. This flaw, CVE-2025-47827, requires physical access to exploit, making it a concern for travelers’ laptops. An attacker with physical access could install a kernel-level rootkit, allowing them to gain control of the system and potentially capture credentials. All three of these actively exploited vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. This requires federal agencies to apply the patches promptly to secure their systems.
In addition to the zero-days, Microsoft’s update includes several other critical vulnerabilities. Two of the most severe flaws, with a CVSS score of 9.9, involve a privilege escalation vulnerability in the Microsoft Graphics Component (CVE-2025-49708) and a security feature bypass in ASP.NET (CVE-2025-55315). The Graphics Component flaw is especially dangerous as it can lead to a full virtual machine (VM) escape, allowing an attacker to break out of a virtual machine and gain full control of the underlying host server. This bypasses a fundamental security promise of virtualization.
The sheer volume and severity of these vulnerabilities highlight the ongoing need for diligent patching. Experts emphasize that flaws like the one in the Agere Modem driver show that even dormant, legacy code can pose a significant risk. The VM escape vulnerability is particularly concerning for cloud and data center environments, as it could allow a single compromised virtual machine to be used as a stepping stone to compromise an entire host and every other VM on it. These patches are essential for mitigating risks and protecting systems from both known and future attacks.
Reference:
