Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack

Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack

Briefly

"Spooky season is in full swing, and this extends to Microsoft's October Patch Tuesday with security updates for a frightful 175 Microsoft vulnerabilities, plus an additional 21 non-Microsoft CVEs. And even scarier than the sheer number of bugs: three are listed as under attack, with three others publicly known, and 17 deemed critical security holes. Let's start with the flaws that attackers already found and exploited before Redmond pushed patches."

"CVE-2025-24990 is a 7.8-rated elevation of privilege bug in the third party Agere Modem driver that ships natively with supported Windows operating systems and can be abused to gain administrator privileges. Microsoft warns that all supported versions of Windows can be affected, so this could turn out to be a widespread attack. The driver has been removed in the October security update, so install this update ASAP."

"CVE-2025-59230 is another 7.8-rated elevation of privilege flaw in Windows Remote Access Connection Manager. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Redmond warns. Plus, as Zero Day Initiative's Dustin Childs points out: "These types of bugs are often paired with a code execution bug to completely take over a system." So this is another one to patch quickly."