On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere Modem, which is used for dial-up internet access and sending/receiving faxes. The vulnerable driver was, until now, shipped natively with Windows and the vulnerability, which allows attackers to gain administrator privileges, has been exploited by … More
The post Microsoft patches three zero-days actively exploited by attackers appeared first on Help Net Security.