Fyself News
Two new Windows zero-days exploited – one affecting all versions shipped to date

October 15, 2025

Microsoft on Tuesday released fixes for as many as 183 security flaws across its products, after the tech giant officially ended support for the Windows 10 operating system unless the PC was enrolled in the Extended Security Updates (ESU) program. This includes three vulnerabilities that are being exploited in the wild.

Of the 183 vulnerabilities, 8 are CVEs not published by Microsoft. There were 165 flaws rated as ‘important’, followed by 17 flaws rated ‘severe’ and one flaw rated ‘medium’. The majority are related to privilege elevation vulnerabilities (84), with the remainder being remote code execution (33), information disclosure (28), spoofing (14), denial of service (11), and security feature bypass (11).

This update is in addition to the 25 vulnerabilities that Microsoft has addressed in its Chromium-based Edge browser since the release of the September 2025 Patch Tuesday update.

Two Windows zero-days that are actively being exploited are:

  • CVE-2025-24990 (CVSS score: 7.8) – Windows Agere Modem Driver (‘ltmdm64.sys’) Elevation of Privilege Vulnerability
  • CVE-2025-59230 (CVSS score: 7.8) – Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability


Microsoft said both issues could allow an attacker to execute code with elevated privileges, but there is currently no indication of how they are being exploited or how widespread the attacks might be. In the case of CVE-2025-24990, the company said it plans to remove the driver entirely rather than patch it, as it would normally do for a third-party component.

The security flaw has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, because it is rooted in legacy code that is installed by default on all Windows systems, regardless of whether the associated hardware is present or in use.

“The vulnerable driver ships with every version of Windows up to Server 2025,” said Adam Barnett, principal software engineer at Rapid7. “Perhaps your fax modem uses a different chipset and therefore does not require the Agere driver. Maybe you simply discovered your email. Too bad. Your PC is still vulnerable and a local attacker with a least-privileged account could escalate to administrator status.”

CVE-2025-59230 is the first RasMan vulnerability to be exploited as a zero-day, according to Satnam Narang, senior staff research engineer at Tenable. Microsoft has patched more than 20 flaws in the component since January 2022.

The third vulnerability exploited in the wild is a Secure Boot bypass in IGEL OS before version 11 (CVE-2025-47827, CVSS score: 4.6). Details of this flaw were first made public by security researcher Zach Didcott in June 2025.

“The impact of secure boot bypass can be significant, as a threat actor could deploy a kernel-level rootkit to gain access to the IGEL OS itself and, in turn, perform tampering with the virtual desktop, including capturing credentials,” said Kev Breen, senior director of threat research at Immersive.

“Please note that this is not a remote attack and physical access is typically required to exploit this type of vulnerability, meaning it is an ‘evil maid’ style attack that is most likely to impact employees who travel frequently.”

All three issues have since been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog, and federal agencies are required to patch them by November 4, 2025.

Other notable critical vulnerabilities include a Windows Server Update Services (WSUS) remote code execution (RCE) bug (CVE-2025-59287, CVSS score: 9.8), an out-of-bounds read in the CryptHmacSign helper function of the Trusted Computing Group (TCG) TPM 2.0 reference implementation (CVE-2025-2884, CVSS score: 5.3), and a Windows RCE in URL parsing (CVE-2025-59295, CVSS score: 8.8).

“An attacker could exploit this by carefully constructing a malicious URL,” said Ben McCarthy, principal cybersecurity engineer at Immersive. “Overflowed data can be designed to overwrite critical program data, such as function pointers and object virtual function table (vtable) pointers.”


“When the application later attempts to use this corrupted pointer, instead of calling a legitimate function, it redirects the program’s execution flow to an attacker-controlled memory address. This allows the attacker to execute arbitrary code (shellcode) on the target system.”

The two vulnerabilities with the highest CVSS scores in this month’s update are related to Microsoft Graphics Component Privilege Escalation Flaw (CVE-2025-49708, CVSS Score: 9.9) and ASP.NET Security Feature Bypass (CVE-2025-55315, CVSS Score: 9.9).

Although CVE-2025-55315 requires an attacker to first authenticate, it can be exploited to bypass security controls and perform malicious actions by surreptitiously embedding a second, malicious HTTP request within the body of the first authenticated request.
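The pattern described above (a second request carried inside the body of an authenticated one) is what a front-end inspection can look for before a request reaches the application. The following check is an added example for this article, not Microsoft's fix and not tied to the unpublished internals of CVE-2025-55315: it parses a raw HTTP/1.x request, resolves its framing (Content-Length or chunked), and flags a body that itself begins with a request line or headers that leave the message length ambiguous. The sample requests and the `inspect` function are constructed for this example.

```python
import re

# An HTTP/1.x request line; a body that starts with one is the "second request inside the first" pattern.
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")

def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into request line, header map and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    headers: dict[bytes, list[bytes]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body

def dechunk(body: bytes) -> bytes:
    """Decode a chunked body (trailers ignored) so the real payload is inspected."""
    out = b""
    while True:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)
        if size == 0:
            return out
        out, body = out + rest[:size], rest[size + 2:]

def inspect(raw: bytes) -> list[str]:
    """Return findings that indicate a smuggled request inside this one."""
    _, headers, body = parse_request(raw)
    findings = []
    cl = headers.get(b"content-length", [])
    te = headers.get(b"transfer-encoding", [])
    if (cl and te) or len(cl) > 1 or len(te) > 1:
        findings.append("ambiguous framing: conflicting or duplicate length headers")
    if te and b"chunked" in te[-1].lower():
        body = dechunk(body)
    elif cl:
        if int(cl[0]) != len(body):
            findings.append("Content-Length does not match body length")
        body = body[:int(cl[0])]
    if REQUEST_LINE.match(body):
        who = "authenticated" if b"cookie" in headers or b"authorization" in headers else "unauthenticated"
        findings.append(f"body of {who} request begins with a second HTTP request line")
    return findings

# Constructed samples: an authenticated POST whose body is itself a GET request, and a benign form post.
INNER = b"GET /admin/users HTTP/1.1\r\nHost: app.example\r\n\r\n"
SMUGGLED = b"POST /api/profile HTTP/1.1\r\nCookie: session=abc123\r\nContent-Length: %d\r\n\r\n" % len(INNER) + INNER
BENIGN = b"POST /api/profile HTTP/1.1\r\nHost: app.example\r\nContent-Length: 10\r\n\r\nname=alice"
```

Run `inspect` on each request at the proxy boundary; a non-empty result is a reason to reject the request and log it rather than forward it.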

“Organizations must prioritize patching this vulnerability because it defeats the core security promise of virtualization,” McCarthy said of CVE-2025-49708, characterizing it as a high-impact flaw that could lead to a complete virtual machine (VM) escape.

“A successful exploit would mean that an attacker could compromise even a single non-critical guest VM with low privilege access and execute code with SYSTEM privileges directly on the underlying host server. This failure of isolation means the attacker could access, manipulate, or destroy data on all other VMs running on the same host, such as mission-critical domain controllers, databases, and production applications.”
