Microsoft Fixes Six Zero-Day Vulnerabilities in October's Patch Tuesday
Microsoft has released security updates to fix 172 vulnerabilities, including six zero-day vulnerabilities, in the October Patch Tuesday.
Three of the zero-day vulnerabilities are being actively exploited. One of them, CVE-2025-59230, is a local elevation of privilege (EoP) bug in the Windows Remote Access Connection Manager.
With no user interaction required, this will go straight into an attacker’s standard toolkit.
Rapid7 lead software engineer, Adam Barnett, warned about the severity of this vulnerability, stating that
there’s very little information in the advisory itself, but someone out there knows exactly how to exploit this vulnerability.
Another EoP vulnerability, CVE-2025-24990, was found in the third-party Agere Modem driver (ltmdm64.sys) which ships with Windows.
Author's summary: Microsoft fixes 172 vulnerabilities.
- CVE-2025-59230: Local elevation of privilege (EoP) bug in Windows Remote Access Connection Manager
- CVE-2025-24990: EoP vulnerability in Agere Modem driver (ltmdm64.sys)