Microsoft has released a significant update addressing 183 security vulnerabilities across its products, marking a crucial step in maintaining user safety. This legislative update arrives at a moment of urgency. The tech giant has officially pulled support for its Windows 10 operating system, so users need to avoid lurking dangers more cautiously than ever. Of the issues patched, Microsoft has noted that three of these vulnerabilities are being actively exploited in the wild.
The patch resolves 25 vulnerabilities in the Chromium-based Edge browser. These fixes follow the major Patch Tuesday update released in September 2025. These updates are critical for protecting systems from ever evolving threats, particularly with the severity of some vulnerabilities disclosed being rated as critical.
Severity of Vulnerabilities
Of the 183 vulnerabilities fixed, Microsoft classified 165 as Important in severity and 17 as Critical. Of the 13 unique vulnerabilities, shockingly, eight were non-Microsoft released Common Vulnerabilities and Exposures (CVEs). Two of the most critical vulnerabilities, CVE-2025-49708 and CVE-2025-55315, have made themselves known. Both have a Common Vulnerability Scoring System (CVSS) score of 9.9, which indicates a critical risk.
CVE-2025-49708 privileges escalation flaw in the Microsoft Graphics Component This particularly bad vulnerability, rated 10.0 on the CVSS scale, would allow an attacker to fully break out of a virtual machine. Likewise, CVE-2025-55315 is a security feature bypass in ASP.NET that could let attackers deceive applications without detection.
“An organization must prioritize patching this vulnerability because it invalidates the core security promise of virtualization,” – Ben McCarthy
The latter of these three critical vulnerabilities have been flagged for active exploitation. This alarming reality requires urgent action from users and agencies alike. These vulnerabilities, collectively CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827 come with unique risks attached.
Active Exploitation and Immediate Response
CVE-2025-24990 only affects the Windows Agere Modem Driver, aka “ltmdm64.sys.” For starters, this vulnerability enables attackers to elevate their privileges and has a CVSS score of 7.8 (high). CVE-2025-59230, which affects the Windows Remote Access Connection Manager (RasMan), has a CVSS score of 7.8. The third vulnerability is CVE-2025-47827. It is tracked as a Secure Boot bypass in IGEL OS versions before 11 and has a lower CVSS score of 4.6.
These three vulnerabilities are listed as being discovered in the U.S. Cybersecurity and Infrastructure Security Agency (CISA). They’ve formally been added to the Known Exploited Vulnerabilities (KEV) catalog. Deadline for federal agencies to patch these vulnerabilities is November 4, 2025. This deadline is just one piece of their efforts to bolster cybersecurity practices among government agencies.
“A successful exploit means an attacker who gains even low-privilege access to a single, non-critical guest VM can break out and execute code with SYSTEM privileges directly on the underlying host server,” – Ben McCarthy
The consequences of taking advantage of these loopholes can be catastrophic. The vulnerable driver in CVE-2025-59230 ships with all supported versions of Windows, including Server 2025. Unfortunately, all that widespread availability makes it a prime target for would-be attackers.
Implications for Users and Organizations
The impact of these vulnerabilities go well beyond technical issues, with serious risks to data security and integrity. A Secure Boot bypass is more dangerous than likely expected. This weakness can permit kernel-level rootkits to penetrate, evade detection, and corrupt the IGEL OS environment.
“The impacts of a Secure Boot bypass can be significant, as threat actors can deploy a kernel-level rootkit,” – Kev Breen
One category of such exploits requires promised physical access to the targeted systems. They remain a deadly danger to all workers, especially those who must frequently travel. Cybersecurity authorities recommend that organizations stay alert and focus on updating organizational patching practices to address the threats posed by these vulnerabilities.
“It should be noted that this is not a remote attack, and physical access is typically required to exploit this type of vulnerability,” – Kev Breen
Now is the time for all organizations to get off that outdated OS and onto something far better. Ongoing implementation and maintenance of security measures are essential to protect sensitive data and continue operations without disruption.