"With the latest updates for all versions of Windows, Microsoft has delivered a hefty 173 security patches, a record amount for 2025. Among these, nine are rated critical, according to patch management provider Action1, while six are zero-day exploits. Three of them have already been exploited in the wild, and three others have publicly available proofs of concept, which means sample code is publicly available to show how the flaw can be exploited."
"In one case, Microsoft had to actually remove a built-in driver called the ltmdm64.sys driver for fax modem hardware, as attackers had already been exploiting it as a zero-day flaw. "Active exploitation confirms that threat actors are already using this zero-day," Action1 said in its advisory. "Microsoft's decision to remove the driver rather than patch it suggests that the flaw is deeply rooted in its design and cannot be fixed without breaking functionality. This elevates both the security and operational risks for affected environments.""
October marks the final monthly Patch Tuesday for Windows 10 after 10 years of support. Microsoft released a record 173 security patches across Windows versions, including nine critical fixes and six zero-day exploits. Three vulnerabilities have been exploited in the wild and three have publicly available proofs of concept. Fixes address the Windows kernel, Windows Search, Remote Desktop Protocol, Windows Hello, File Explorer, PowerShell, Copilot, BitLocker, Bluetooth, and components such as Exchange Server, Visual Studio, Azure, and Microsoft Office. Microsoft removed the ltmdm64.sys fax modem driver because attackers exploited it as a zero-day, increasing security and operational risks.
#windows-10-end-of-support #patch-tuesday #security-patches-and-zero-day-exploits #windows-11-features
Read at ZDNET
Unable to calculate read time
Collection
[
|
...
]