Arctic Wolf Customer,
Microsoft’s October 2025 Patch Tuesday update includes three vulnerabilities that Arctic Wolf has highlighted in this security bulletin due to their potential risk. Additionally, with Windows 10 reaching end of support, organizations using this version should consider upgrading where feasible. Organizations using Microsoft products are encouraged to review the details below and apply the necessary updates.
Summary
On October 14, 2025, Microsoft released its October 2025 security update, addressing 175 newly disclosed vulnerabilities. Arctic Wolf has highlighted three vulnerabilities affecting Microsoft Windows in this security bulletin due to their potential risk.
Vulnerabilities
| Vulnerability | CVSS | Description | Exploited |
|---|---|---|---|
| | 7.8 | Windows Agere Modem Driver Elevation of Privilege Vulnerability – This vulnerability lies in the Agere modem driver (ltmdm64.sys) that ships natively with supported Windows operating systems and has been removed in the October cumulative update. A local threat actor could exploit this vulnerability to gain administrator privileges; systems can be affected even if the modem is not actively used. | Yes |
| | 7.8 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability – An improper access control flaw in Windows Remote Access Connection Manager allows an authorized threat actor to elevate privileges locally. | Yes |
| | 9.8 | Windows Server Update Service (WSUS) Remote Code Execution Vulnerability – A deserialization of untrusted data flaw in Windows Server Update Services (WSUS) allows remote, unauthenticated threat actors to achieve remote code execution via a crafted event. | No |
End of Support for Windows 10
Microsoft announced that Windows 10 has reached end of support as of October 14, 2025, meaning it will no longer receive technical assistance, feature updates, or security patches. While the operating system can still be used, Arctic Wolf strongly recommends upgrading to Windows 11 where feasible to ensure continued protection, maintain compatibility with modern applications, and avoid potential security vulnerabilities arising from unpatched operating system components.
Arctic Wolf will follow its standard internal processes to assess the impact of the newly reported vulnerabilities within its own environment and, if impacted, will address them within the established remediation timelines in our Security Patching Policy.
Recommendation
Upgrade to the Latest Fixed Versions
Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.
| Product | CVE | Update Article |
|---|---|---|
| Windows 10 Version 1607 for 32-bit and x64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 10 Version 1809 for 32-bit and x64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 11 Version 22H2 for x64-based and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 11 Version 23H2 for x64-based and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 11 Version 24H2 for x64-based and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows 11 Version 25H2 for x64-based and ARM64-based Systems | CVE-2025-24990, CVE-2025-59230 | |
| Windows Server 2008 for 32-bit and x64-based Systems Service Pack 2 | CVE-2025-24990, CVE-2025-59230 | |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | CVE-2025-24990, CVE-2025-59230 | |
| Windows Server 2012 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2012 R2 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2016 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2019 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2022 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2022, 23H2 Edition | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
| Windows Server 2025 | CVE-2025-24990, CVE-2025-59230, CVE-2025-59287 | |
Please follow your organization’s patching and testing guidelines to minimize potential operational impact.
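A read-only host check for the exposure conditions described in this bulletin, added here as an example (it is not Arctic Wolf or Microsoft code). The driver location under System32\drivers, the WSUS service name WsusService, and the function name Get-OctoberExposure are assumptions that do not come from the bulletin.

```powershell
# Added example: read-only exposure triage for the conditions in this bulletin.
# Assumptions (not from the bulletin): the driver's on-disk location, the WSUS
# service name "WsusService", and the hypothetical name Get-OctoberExposure.
function Get-OctoberExposure {
    [CmdletBinding()]
    param(
        # Assumed default location of the in-box Agere modem driver.
        [string]$DriverPath = (Join-Path $env:SystemRoot 'System32\drivers\ltmdm64.sys')
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # The bulletin states the October cumulative update removes ltmdm64.sys and
    # that systems can be affected even if the modem is unused, so a driver file
    # still on disk is a signal that the update has not been applied.
    $driverPresent = Test-Path -LiteralPath $DriverPath -PathType Leaf

    # The WSUS flaw only matters where the role is installed. A missing service
    # means this host is not a WSUS server.
    $wsus = Get-Service -Name 'WsusService' -ErrorAction SilentlyContinue

    # ProductType 1 is a workstation SKU; the caption separates Windows 10 from 11.
    $isWindows10 = ($os.ProductType -eq 1) -and ($os.Caption -like '*Windows 10*')

    # Most recent update recorded by the OS, as a rough patch-currency indicator.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object -Property InstalledOn |
        Select-Object -Last 1

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OperatingSystem       = $os.Caption
        BuildNumber           = $os.BuildNumber
        AgereDriverPresent    = $driverPresent
        WsusRoleInstalled     = [bool]$wsus
        WsusServiceStatus     = if ($wsus) { $wsus.Status } else { 'NotInstalled' }
        Windows10EndOfSupport = $isWindows10
        LatestHotFixId        = $latest.HotFixID
        LatestHotFixDate      = $latest.InstalledOn
    }
}

Get-OctoberExposure | Format-List
```

Hosts reporting AgereDriverPresent or WsusRoleInstalled as True are the ones to prioritize when scheduling the October cumulative update.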
References
- Microsoft Patch Tuesday (October 2025): https://msrc.microsoft.com/update-guide/releaseNote/2025-oct
- CVE-2025-24990: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990
- CVE-2025-59230: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230
- CVE-2025-59287: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287
- Microsoft Announcement for Windows 10: https://support.microsoft.com/en-us/windows/windows-10-support-has-ended-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
If you have any additional questions, please reach out to your CST at security@arcticwolf.com.
Thank you,
Arctic Wolf
