
"The active exploitation of CVE-2025-24990 in the Agere Modem driver (ltmdm64.sys) shows the security risks of maintaining legacy components within modern operating systems,"
"This driver, which supports hardware from the late 1990s and early 2000s, predates current secure development practices and has remained largely unchanged for years,"
"Kernel-mode drivers operate with the highest system privileges, making them a primary target for attackers seeking to escalate their access."
"The attack chain typically begins with the actor gaining an initial foothold on a target system through common methods like a phishing campaign, credential theft, or by exploiting a different vulnerability in a public-facing application,"
Windows 10 end-of-support coincided with a Patch Tuesday that included several zero-day flaws targeting the older operating system. One of the tracked vulnerabilities, CVE-2025-24990, affects an Agere modem kernel driver (ltmdm64.sys) that Microsoft has removed from Windows. The driver supports hardware from the late 1990s and early 2000s, predates modern secure development practices, and has remained largely unchanged, which makes it risky. Kernel-mode drivers run with the highest system privileges, making such components prime targets for attackers seeking privilege escalation. Threat actors use the flaw as a second-stage vector after gaining initial access through phishing, credential theft, or other exploited vulnerabilities. Microsoft removed the component rather than patching it, to avoid unreliable fixes and to reduce the attack surface, accepting potential backward-compatibility impacts.
Read at ComputerWeekly.com