Microsoft has rolled out a significant security update, signaling its ongoing focus on tackling persistent threats across its ecosystem. The company’s latest release addresses 175 vulnerabilities, affecting a vast array of products, including core Windows components and widely used services. Among these, two zero-day vulnerabilities were actively exploited, elevating the urgency for immediate fixes. The update has direct implications for both individual users and enterprise environments, especially those relying on remote access functionality or legacy hardware. Security professionals highlight the growing challenge of keeping pace with attackers targeting both old and new software weaknesses.
Earlier updates from Microsoft typically covered fewer vulnerabilities, with the average Patch Tuesday this year addressing closer to a hundred issues at a time. Unlike previous months, this update is the company’s largest in 2025, reflecting a rise in both the volume and critical nature of flaws. Previously, vulnerabilities tied to Windows Remote Access Connection Manager had not been exploited as zero-days, despite repeated attention in updates since 2022. In contrast, the Agere Windows Modem Driver had only surfaced occasionally in patch notes, but the decision to remove it outright signifies a shift in Microsoft’s risk management strategy for legacy drivers that could be leveraged in attacks.
Which Vulnerabilities Did Microsoft Identify?
Of the 175 vulnerabilities disclosed, Microsoft reported that two were zero-days already under active attack. CVE-2025-24990 targets the Agere Windows Modem Driver and CVE-2025-59230 involves Windows Remote Access Connection Manager. Both carry a CVSS severity score of 7.8, marking them as significant risks. The zero-days were promptly added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, emphasizing their active exploitation. According to Microsoft, “All supported versions of Windows can be affected by a successful exploitation of this vulnerability, even if the modem is not actively being used.”
What Actions Did Microsoft Take in Response?
Microsoft’s measures included removing the third-party Agere Modem Driver from supported operating systems as part of the October update. This move means fax modem hardware dependent on the driver will cease to function within Windows environments. Simultaneously, the improper access control vulnerability in Windows Remote Access Connection Manager was addressed to block attackers from escalating privileges on affected machines. Microsoft stated,
The update delivers protections for customers as we continue to respond to emerging threats and actively exploited vulnerabilities.
The company also flagged 14 more vulnerabilities as likely to be targeted by attackers, including critical risks in Azure Entra ID and Windows Server Update Service.
How Severe Are the Remaining Vulnerabilities?
Beyond the zero-days, additional high-risk flaws emerged: CVE-2025-55315 in ASP.NET core and CVE-2025-49708 in Microsoft Graphics Component both have a CVSS rating of 9.9. However, Microsoft considered exploitation of these defects to be less likely for now. A total of five critical and 121 high-severity vulnerabilities were detailed in the company’s update guidance, with the comprehensive list available in Microsoft’s Security Response Center.
We encourage all users and administrators to apply security updates as soon as possible to protect their systems,
the company advised.
This security update represents a concerted attempt by Microsoft to limit the attack surface available to adversaries, reflecting both changing tactics by threat actors and an evolving product environment. Security patches now routinely address not only new code but also legacy components that, while less common, present an attractive target for exploitation due to longstanding vulnerabilities. Organizations should pay particular attention to hardware dependencies and legacy driver support in their environments, as Microsoft’s removal of the Agere Windows Modem Driver may impact operations using older fax or dial-up equipment. Regular review of patch management procedures and inventory of all system components is recommended, given the pace and breadth of recent vulnerability disclosures in Microsoft products.
