Overview

• Microsoft patched 175 vulnerabilities across its products plus 21 from other vendors, with 17 rated critical and several marked more likely to be exploited.
• CVE-2025-24990 in the Agere modem driver and CVE-2025-59230 in Windows Remote Access Connection Manager are confirmed exploited, enabling elevation to administrator or SYSTEM privileges.
• Microsoft removed the vulnerable Agere driver from supported Windows releases, which disables fax modem hardware that depends on it.
• High-risk fixes include an unauthenticated RCE in Windows Server Update Services (CVE-2025-59287) and Microsoft Office Preview Pane RCEs (CVE-2025-59227, CVE-2025-59234), which researchers urge organizations to patch quickly as vendors publish new detections such as Cisco Talos Snort rules.
• This release is the final regular security update for Windows 10, leaving users to migrate to Windows 11 or enroll in Extended Security Updates for continued protection.