Microsoft’s Massive Patch Tuesday Fixes 175 Vulnerabilities — Including Two Active Zero-Days

Listen to this Post

Featured ImageMicrosoft’s Biggest Security Fix of the Year Raises Alarms in the Cyber World

In its October security rollout, Microsoft unleashed one of the most extensive patch updates in recent memory, fixing 175 security vulnerabilities across Windows, Azure, and several core components of its ecosystem. Among these, two zero-day exploits already being used in real-world attacks sent immediate ripples through the cybersecurity community. The update marks Microsoft’s largest single-month patch release of 2025, highlighting the growing complexity of defending an interconnected software empire.

A 175-Bug Marathon: Inside Microsoft’s Patch Tuesday

In the latest Patch Tuesday, Microsoft confirmed it has addressed 175 separate vulnerabilities, including two zero-days under active exploitation. The company described the update as the largest batch of fixes this year, underlining a persistent and escalating battle against cyber threats targeting its products.

The two zero-days, CVE-2025-24990 and CVE-2025-59230, both rated at 7.8 on the CVSS scale, represent significant security gaps that attackers have already leveraged. The first flaw, found in the Agere Windows Modem Driver, allows attackers to gain administrative privileges, effectively taking full control of a system. Even more troubling, this vulnerability can affect all supported versions of Windows, regardless of whether the modem is actually being used.

The second zero-day, affecting the Windows Remote Access Connection Manager (RASMAN), lets attackers elevate privileges locally to achieve system-level control. The component is often used to manage VPN and dial-up network connections, making it a recurring guest in Microsoft’s monthly patches. But according to Tenable’s Satnam Narang, this marks “the first time we’ve seen it exploited in the wild as a zero day.”

Microsoft’s update also removes the Agere Modem driver, a third-party component that has shipped with Windows for years. As a result, any fax modem hardware relying on it will no longer function — a necessary casualty in the pursuit of system integrity.

Beyond the zero-days, Microsoft’s patch list includes five critical vulnerabilities and 121 high-severity ones. Two stand out for their near-perfect CVSS score of 9.9:

CVE-2025-55315 in ASP.NET Core, which could expose web applications to remote code execution.

CVE-2025-49708 in the Microsoft Graphics Component, capable of being exploited to deliver malicious payloads via image files or documents.

Microsoft marked 14 vulnerabilities as “more likely to be exploited,” including two rated critical at 9.8 — CVE-2025-59246 (Azure Entra ID) and CVE-2025-59287 (Windows Server Update Service). While exploitation is not confirmed, their risk potential makes them high-priority for immediate patching.

For system administrators, the message is clear: patch now or face possible compromise. The Cybersecurity and Infrastructure Security Agency (CISA) has also added both zero-days to its Known Exploited Vulnerabilities Catalog, essentially ordering U.S. federal agencies to update affected systems as soon as possible.

This month’s patch collection underscores a recurring reality — as Microsoft continues to expand its reach across cloud, desktop, and enterprise environments, the attack surface grows. Each update feels less like routine maintenance and more like a race against time in the global cybersecurity arms race.

What Undercode Say:

Microsoft’s latest Patch Tuesday demonstrates the sheer scale and persistence of vulnerability management in modern software ecosystems. It’s not just about quantity; it’s about the shifting nature of threats and how attackers are adapting faster than legacy defense models can keep up.

From a security analytics standpoint, two active zero-days within the same cycle reflect a concerning escalation. Historically, Microsoft zero-days were often discovered in niche components, but this month’s defects hit both legacy drivers and core connectivity services — a blend that highlights the aging architecture underpinning Windows systems.

The Agere Windows Modem Driver vulnerability (CVE-2025-24990) is particularly symbolic. It represents how outdated third-party dependencies can linger unnoticed in modern systems, quietly creating attack vectors long after their functional relevance has faded. By finally removing the driver, Microsoft is closing a chapter on obsolete hardware support, but the question remains — how many more such remnants exist within the operating system?

The Windows Remote Access Connection Manager flaw (CVE-2025-59230) tells another story. This service has appeared in over 20 different patch cycles since early 2022, showing a pattern of chronic exposure. For attackers, such recurring components are fertile ground; for defenders, they’re a nightmare to harden. Seeing it exploited as a zero-day was perhaps inevitable.

The CVSS 9.9-rated bugs in ASP.NET Core and Microsoft Graphics Component illustrate a broader challenge — the thin line between web development frameworks and the deep graphical layers of Windows, both of which have become prime real estate for remote code execution exploits. These components interact with massive user bases daily, making any unpatched instance a potential pivot point for widespread attacks.

From an enterprise security management lens, the Azure Entra ID and Windows Server Update Service vulnerabilities (both 9.8) hit where it hurts most — identity and patch distribution. A successful exploit could let attackers manipulate update flows or impersonate legitimate services, amplifying the impact across networks.

There’s also a hidden irony: every Patch Tuesday is meant to secure systems, yet each release inevitably reveals how vulnerable the ecosystem remains. Cybercriminals now treat Microsoft’s monthly disclosure as a roadmap for targeting unpatched environments. Within hours of publication, exploit kits are updated, and scanning campaigns begin.

In the broader cybersecurity timeline, this October patch drop reinforces the reality that defensive security has become reactive. The threat actors are exploiting weaknesses faster than vendors can patch them, and automation tools only widen that gap. The shift toward AI-assisted vulnerability discovery could make next year’s Patch Tuesdays even more overwhelming.

For IT teams, this update cycle is a reminder that patching isn’t a checkbox exercise — it’s an ongoing strategic imperative. Security now requires prioritization frameworks, asset visibility, and real-time threat intelligence integration. Those who still depend solely on scheduled patching cycles risk being left exposed in an environment that evolves daily.

🔍 Fact Checker Results

✅ Microsoft confirmed 175 vulnerabilities fixed in October 2025.

✅ Two zero-days (CVE-2025-24990 and CVE-2025-59230) are confirmed to be exploited in the wild.
✅ The Agere Modem Driver has been officially removed from all supported Windows systems.

📊 Prediction

🔮 Expect increased exploitation attempts on unpatched Windows systems within weeks, especially targeting enterprise VPN and RAS components.
⚙️ Legacy hardware and outdated third-party drivers will face accelerated phase-outs as Microsoft moves to harden its core OS.
🌐 In 2026, Microsoft may adopt AI-driven vulnerability prediction systems, aiming to patch weaknesses before active exploitation occurs.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberscoop.com
Extra Source Hub (Possible Sources for article):
https://www.twitter.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon