Today marks Microsoft’s Patch Tuesday for October 2025, addressing 175 vulnerabilities. This update includes fixes for three actively exploited zero-day vulnerabilities. Notably, one of these fixes will remove support for certain modem hardware, so please ensure compatibility before updating.

Notable Patch Tuesday vulnerabilities for October

• CVE-2025-24990 A vulnerability in the Windows Agere Modem driver could allow an attacker to gain administrator privileges. The vulnerable driver will be removed with the updates released on October 14. Ensure that your hardware does not depend on this driver before updating, as this vulnerability is actively exploited.
• CVE-2025-59230 An improper access control vulnerability in Windows Remote Access Connection Manager could allow an authorized attacker to gain SYSTEM-level privileges locally. This vulnerability is actively exploited.
• CVE-2025-47827 A vulnerability in a third-party bootloader shim signed by Microsoft could allow an attacker to bypass Secure Boot. This vulnerability is actively exploited.

For more detailed information on these and other vulnerabilities, please refer to the release notes.

Need help addressing the above in your own organization? Speak to an Outpost24 expert.