Overview
- Microsoft fixed 175 vulnerabilities across Windows and related products, including 17 rated critical and a large set flagged as more likely to be exploited.
- Three zero-days are under active attack: an Agere modem driver elevation flaw (CVE-2025-24990), a RasMan privilege escalation to SYSTEM (CVE-2025-59230), and an IGEL OS Secure Boot bypass (CVE-2025-47827).
- Microsoft removed the vulnerable Agere driver from Windows rather than patch it, which mitigates the issue but disables fax/modem hardware that depends on it.
- A critical WSUS remote code execution bug (CVE-2025-59287, CVSS 9.8) is considered wormable between update servers, prompting guidance to test and deploy server patches quickly.
- CISA added the exploited flaws to its Known Exploited Vulnerabilities catalog with a November 4 remediation date. Additional high-severity risks include ASP.NET Core and Microsoft Graphics bugs with 9.9 CVSS scores and Azure/Entra exposures.