Overview
- Three zero-days are confirmed under active attack: CVE-2025-24990 in the Agere Windows modem driver, CVE-2025-59230 in Windows Remote Access Connection Manager, and CVE-2025-47827 affecting IGEL OS Secure Boot.
- Microsoft removed the vulnerable Agere modem driver from supported Windows, cutting an attack path but disabling dependent fax/modem hardware on updated systems.
- A critical remote code execution bug in Windows Server Update Services (CVE-2025-59287, CVSS 9.8) could be wormable across WSUS servers, prompting urgent patching guidance from researchers.
- The release includes other top-severity issues, notably CVE-2025-55315 in ASP.NET Core and CVE-2025-49708 in Microsoft Graphics (both CVSS 9.9), plus Office Preview Pane RCEs requiring no file open.
- This update is the last regular security release for Windows 10, pushing organizations to upgrade or enroll in Extended Security Updates to maintain protection.