Addressing Critical Zero-Day Vulnerabilities in Microsoft Systems #shorts #patch
➡️ Full Clip Here: https://youtu.be/Kx80go98klE
➡️ Register for Patch Tuesday Webinar Series: https://www.ivanti.com/lp/webinar-series/patch-tuesday
➡️ Download slides here: https://www.ivanti.com/resources/patch-tuesday
Recent findings reveal two major zero-day vulnerabilities, including a third-party CVE, with two Microsoft CVEs rated 7.8 on the CVSS scale being actively targeted. Microsoft has responded by removing a risky fax modem driver and urging users to update their operating systems to mitigate these threats. This marks the final security update for Windows 10, prompting users to consider upgrading to Windows 11 or applying further mitigations.
Key Takeaways
October 14, 2025 marks the final publicly available security update for Windows 10 systems, Office 2016 and 2019, and Exchange 2016 and 2019. Microsoft will provide Extended Security Updates (ESU) support for Windows 10 for the next three years at an additional cost. For Exchange users, the path forward is migration to Exchange Online or to Exchange Server Subscription Edition.
Microsoft resolved 172 new CVEs (highest in 2025 so far and possibly the highest in the history of Microsoft Patch Tuesday), including three known exploited and two public disclosures. Eight CVEs are rated Critical by Microsoft (five RCE, three Elevation of Privilege) and affect the Windows OS, Office and Azure.
Mozilla released five updates resolving 45 CVEs. Mozilla was very specific in the language used for three of the resolved CVEs: they state that evidence of memory corruption was found and could indicate exploitation, though no confirmation is available yet. All five updates include at least one of the suspected exploited CVEs, so we recommend treating all five as containing a known exploited CVE.
Adobe released 12 updates addressing 36 CVEs. Adobe has rated the Commerce update as a priority two and the rest of the updates as priority three.
October Patch Tuesday is going to be a busy one from all angles. Microsoft exceeded the January CVE count (159 CVEs) by a healthy margin, with 172 CVEs resolved this month. There are three exploited and two publicly disclosed vulnerabilities this month, but fortunately all of them are in the cumulative OS update, making resolution quick and clean. Microsoft is also ending support for a lot of products, including Windows 10! Office 2016 and 2019 and Exchange Server 2016 and 2019 have reached end of life as well.
Adobe released 12 updates resolving 36 CVEs. Mozilla released five updates resolving 45 CVEs and is cautioning users that three of these CVEs show signs they may have been exploited in the wild (unconfirmed). And of course, Google Chrome is expected to release its weekly update in the next 24 hours.
There is a lot to unpack, so let’s get started.
Microsoft’s exploited vulnerabilities
Microsoft has resolved a Secure Boot bypass vulnerability in IGEL OS before version 11 (CVE-2025-47827), which Microsoft has confirmed is exploited in the wild. The CVE is rated Important and has a CVSS 3.1 score of 4.6. Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature, allowing a crafted root file system to be mounted from an unverified image.
Microsoft has resolved an Elevation of Privilege vulnerability in Remote Access Connection Manager (CVE-2025-59230), which Microsoft has confirmed is exploited in the wild. The CVE is rated Important and has a CVSS 3.1 score of 7.8. Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. A risk-based prioritization methodology would warrant treating this as Critical.
Microsoft has resolved an Elevation of Privilege vulnerability in the Agere Modem Driver (CVE-2025-24990), which Microsoft has confirmed is exploited in the wild. The CVE is rated Important and has a CVSS 3.1 score of 7.8. The driver shipped natively with the Windows OS. Microsoft has removed the driver with the October cumulative update and recommends removing any existing dependencies on this fax modem hardware. Exploitation is possible even if the driver is not being used. A risk-based prioritization methodology would warrant treating this as Critical.
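As an added example (not from the video or from Ivanti), the following PowerShell audit checks a single host for the two points above: whether it is a Windows 10 system past the October 14, 2025 cutoff, and whether the legacy Agere fax modem driver is still present on disk, in the driver store, or registered as a kernel driver service. It assumes the driver file name is ltmdm64.sys as cited in Microsoft's advisory for CVE-2025-24990; confirm that against the advisory before relying on it.

```powershell
# Added example, not from the video or Ivanti: audit one Windows host for the two
# items above (Windows 10 past its 14 Oct 2025 EOL, and presence of the legacy
# Agere fax modem driver). Assumption: ltmdm64.sys is the driver file name given in
# Microsoft's advisory for CVE-2025-24990; confirm it there. Run in an elevated shell.
$EolDate    = Get-Date '2025-10-14'
$DriverFile = 'ltmdm64.sys'   # assumed Agere driver file name (see note above)

function Test-Windows10Eol {
    $os      = Get-CimInstance Win32_OperatingSystem
    $isWin10 = $os.Caption -like '*Windows 10*'
    [pscustomobject]@{
        Caption     = $os.Caption
        Build       = $os.BuildNumber
        IsWindows10 = $isWin10
        # True once the host runs Windows 10 on or after the last public update date;
        # such a host needs ESU or a Windows 11 migration per the text above.
        PastEol     = $isWin10 -and ((Get-Date) -ge $EolDate)
    }
}

function Get-AgereDriverStatus {
    # 1. Driver binary still on disk (the October cumulative update removes it).
    $path   = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
    $onDisk = Test-Path $path
    # 2. Driver packages in the driver store; -All includes inbox (Microsoft-shipped) drivers.
    $pkgs = Get-WindowsDriver -Online -All -ErrorAction SilentlyContinue |
            Where-Object { $_.ProviderName -like '*Agere*' }
    # 3. Kernel driver service referencing the file, running or not: the text above
    #    notes the driver is exploitable even when no modem hardware is in use.
    $svc  = Get-CimInstance Win32_SystemDriver |
            Where-Object { $_.PathName -like "*$DriverFile*" }
    [pscustomobject]@{
        FileOnDisk      = $onDisk
        FilePath        = $path
        DriverStorePkgs = @($pkgs | Select-Object -ExpandProperty Driver)
        DriverServices  = @($svc | ForEach-Object { "$($_.Name) ($($_.State))" })
    }
}

# Report: any True or non-empty field in the second object means the host still
# carries the driver and the October cumulative update (or manual removal) is due.
Test-Windows10Eol     | Format-List
Get-AgereDriverStatus | Format-List
```

Run it before and after applying the October cumulative update; the second report should show the file gone and no driver service referencing it.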
Chapters:
0:00 - Zero-Day CVEs & Risks
0:24 - Microsoft Fixes & Updates
1:55 - Windows Transition Advice