What was addressed in Microsoft's October 2025 Patch Tuesday update?

The update addressed a total of 172 security vulnerabilities, including two zero-day bugs.

Which two specific zero-day bugs were addressed in the update?

CVE-2025-24990 and CVE-2025-59230.

Microsoft Addresses 172 Security Vulnerabilities, Including Zero-Days in Windows 10

Q: What is CVE-2025-24990 related to?

It involves a third-party modem driver called Agere Modem that has been bundled with Windows for the past two decades.

Q: What is CVE-2025-59230 related to?

It is an elevation of privilege vulnerability in Windows Remote Access Connection Manager (RasMan).

Q: What are the two remote code execution bugs addressed in the update?

CVE-2025-59227 and CVE-2025-59234.

October's Patch Tuesday update tackles two zero-day bugs, one affecting a modem driver and the other RasMan service. Microsoft ends support for Windows 10, leaving adult-industry platforms to consider options.

Microsoft's October 2025 Patch Tuesday update addressed a staggering 172 security vulnerabilities in its Windows operating systems, including two zero-day bugs that were being actively exploited. This month's patch cycle marks the final time Microsoft will release security updates for Windows 10 systems, prompting operators of adult-industry platforms to consider their options for maintaining secure and compliant infrastructure.

What Happened

The first zero-day bug addressed this month (CVE-2025-24990) involves a third-party modem driver called Agere Modem that has been bundled with Windows for the past two decades. Microsoft responded to active attacks on this flaw by completely removing the vulnerable driver from Windows, indicating the severity of the issue.

The other zero-day is CVE-2025-59230, an elevation of privilege vulnerability in Windows Remote Access Connection Manager (also known as RasMan), a service used to manage remote network connections through virtual private networks (VPNs) and dial-up networks. Satnam Narang, senior staff research engineer at Tenable, noted that while RasMan has appeared on Patch Tuesday more than 20 times since January 2022, this is the first time it has been exploited in the wild as a zero-day.

Narang also highlighted two remote code execution bugs (CVE-2025-59227 and CVE-2025-59234) that take advantage of "Preview Pane," allowing attackers to exploit targets without even opening the file. These vulnerabilities are particularly concerning for Microsoft Office users, who may be social engineered into previewing malicious documents via email.

Background and Context

Microsoft's decision to end security updates for Windows 10 systems marks a significant shift in the company's support strategy. As of October 2025, only Windows 11 will receive ongoing security patches, leaving operators of adult-industry platforms with limited options for maintaining secure infrastructure.

One option is to pay for another year's worth of security updates through Microsoft's Extended Security Updates (ESU) program, which costs $30 for non-Microsoft account holders and appears to be free for those who register their PC to a Microsoft account. However, ESU enrollment does not provide other types of fixes, feature improvements, or product enhancements.

Another option is to migrate to Windows 11, but this requires meeting the technical hardware specs recommended by Microsoft. For those unwilling or unable to make this transition, installing a flavor of Linux may be a viable alternative. Linux Mint, in particular, offers an intuitive interface and is likely to run on most computers produced in the last decade.

Why It Matters to the Industry

The security vulnerabilities addressed in October's Patch Tuesday update pose significant risks for adult-industry platforms, which often rely on Windows-based infrastructure. The zero-day bugs, in particular, demonstrate the importance of staying up-to-date with the latest patches and updates.

For those operating adult-industry platforms, maintaining secure infrastructure is crucial to protecting sensitive data and preventing potential security breaches. Failure to address these vulnerabilities could result in costly downtime, reputational damage, or even regulatory non-compliance.

What Comes Next

As Microsoft continues to phase out support for Windows 10 systems, operators of adult-industry platforms must consider their options for maintaining secure infrastructure. While migrating to Windows 11 may be a viable solution for some, others may prefer to explore alternative operating systems like Linux.

In either case, staying informed about the latest security patches and updates will be essential for protecting sensitive data and preventing potential security breaches. By prioritizing security and compliance, adult-industry platforms can ensure continued success in an increasingly complex regulatory environment.

Key Facts

Microsoft addressed 172 security vulnerabilities in its Windows operating systems, including two zero-day bugs.
The first zero-day bug (CVE-2025-24990) involves a third-party modem driver called Agere Modem that has been bundled with Windows for the past two decades.
Microsoft will no longer release security updates for Windows 10 systems, prompting operators of adult-industry platforms to consider their options for maintaining secure infrastructure.
The Extended Security Updates (ESU) program offers an alternative option for those unwilling or unable to migrate to Windows 11.
Linux Mint is a viable alternative operating system that may be suitable for some adult-industry platforms.

By staying informed about the latest security patches and updates, operators of adult-industry platforms can ensure continued success in an increasingly complex regulatory environment.