Microsoft Fixes Six Zero-Day Vulnerabilities in October's Patch Tuesday
Microsoft has fixed over 170 CVEs, including six zero-day vulnerabilities, in the latest Patch Tuesday updates.
According to the UK / EMEA News Reporter at Infosecurity Magazine, this month's Patch Tuesday list includes three zero-day vulnerabilities that are being actively exploited.
- CVE-2025-59230: a local elevation of privilege (EoP) bug in the Windows Remote Access Connection Manager.
- CVE-2025-24990: an EoP vulnerability in the third-party Agere Modem driver (ltmdm64.sys) that ships with Windows.
“With no user interaction required, this will go straight into an attacker’s standard toolkit,” warned Rapid7 lead software engineer, Adam Barnett. “There’s very little information in the advisory itself, but someone out there knows exactly how to exploit this vulnerability.”
Author's summary: Microsoft fixes six zero-day vulnerabilities.