Warning: Microsoft Patch Tuesday October 2025 patches 167 vulnerabilities (7 Critical, 158 Important, 2 Moderate), patch Immediately!!

Published : 15/10/2025

    * Last update:  15/10/2025
   
    * Affected products:
  → Multiple Microsoft products

    * Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:
Microsoft patched 167 vulnerabilities in its October 2025 Patch Tuesday release: 7 rated critical, 158 rated important, and 2 rated moderate. These include 3 0-day vulnerabilities and 2 vulnerabilities that are actively exploited.

Number of CVE by type:

  • 80 Elevation of Privilege vulnerabilities
  • 29 Remote Code Execution vulnerabilities
  • 26 Information Disclosure vulnerabilities
  • 11 Denial of Service vulnerabilities
  • 10 Spoofing vulnerabilities
  • 10 Security Feature Bypass vulnerabilities
  • 1 Tampering vulnerability

Sources

Microsoft - https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-Oct

Risks

Microsoft’s October 2025 Patch Tuesday includes 167 vulnerabilities (7 critical, 158 important and 2 moderate) across a wide range of Microsoft products, impacting Microsoft Server and Workstations. This Patch Tuesday includes 2 actively exploited vulnerabilities and 3 0-Days. Some other vulnerabilities are also more likely to be exploited soon; urgent patching is therefore advised.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to draw your attention to the following vulnerabilities:

CVE-2025-24052 and CVE-2025-24990: Windows Agere Modem Driver Elevation of Privilege Vulnerabilities (Actively exploited)
Elevation of Privilege vulnerabilities. CVE-2025-24052 and CVE-2025-24990 are EoP vulnerabilities in the third-party Agere Modem driver (ltmdm64.sys). The vulnerabilities can allow a local attacker to gain SYSTEM privileges. CVE-2025-24990 is being actively exploited in the wild and a proof-of-concept for CVE-2025-24052 is publicly available.

The ltmdm64.sys driver has historically shipped natively with supported Windows operating systems, but will no longer be supported following the October update. Microsoft notes that ltmdm64.sys-dependent hardware will no longer work on Windows, and recommends users remove existing dependencies.
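
To find hosts that still carry the driver or hardware that may depend on it, a read-only inventory check can be run before and after patching. This is an added example, not CCB or Microsoft code: the function name `Get-AgereDriverStatus`, the default `System32\drivers` location, and the use of modem-class devices as a heuristic for dependent hardware are assumptions.

```powershell
# Added example: read-only inventory of the Agere modem driver (ltmdm64.sys).
# Assumption: the driver file lives under %SystemRoot%\System32\drivers.
function Get-AgereDriverStatus {
    [CmdletBinding()]
    param(
        [string]$DriverFile = 'ltmdm64.sys'
    )

    $path = Join-Path $env:SystemRoot "System32\drivers\$DriverFile"
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue

    # Kernel driver services whose image path points at the driver file.
    $services = @(Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*\$DriverFile" })

    # Installed modem-class devices: a heuristic for hardware that may
    # depend on the driver and will stop working once it is removed.
    $modems = @(Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceClass -eq 'MODEM' })

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        FilePresent   = [bool]$file
        FileVersion   = if ($file) { $file.VersionInfo.FileVersion } else { $null }
        LastWriteTime = if ($file) { $file.LastWriteTime } else { $null }
        Services      = $services | Select-Object Name, State, StartMode, PathName
        ModemDevices  = $modems | Select-Object DeviceName, Manufacturer, InfName, DriverVersion
        # Flag the host for follow-up if any trace of the driver or a modem remains.
        NeedsReview   = [bool]$file -or $services.Count -gt 0 -or $modems.Count -gt 0
    }
}

Get-AgereDriverStatus | Format-List
```

A host reporting `FilePresent = True` after the October update has been installed, or listing modem devices, is a candidate for follow-up on patch status and hardware dependencies.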

CVE-2025-59230: Windows Remote Access Connection Manager (Actively exploited)
Elevation of Privilege vulnerability. CVE-2025-59230 is an elevation-of-privilege vulnerability in Windows Remote Access Connection Manager (RasMan). The vulnerability received a CVSSv3 score of 7.8. It stems from improper access control and could allow an authorized local attacker to gain SYSTEM privileges. Microsoft reports it has been exploited in the wild.

CVE-2025-59287: Windows Server Update Service (WSUS)
Remote Code Execution Vulnerability. CVE-2025-59287 is a critical remote code execution vulnerability (CVSSv3 9.8) in Windows Server Update Services (WSUS). A remote, unauthenticated attacker could send a crafted event that triggers unsafe object deserialization in a legacy serialization mechanism, resulting in remote code execution. Microsoft’s Exploitability Index assessed this as “Exploitation More Likely”.

CVE-2025-59227, CVE-2025-59234: Microsoft Office
Remote Code Execution Vulnerability. CVE-2025-59227 and CVE-2025-59234 are critical RCE vulnerabilities in Microsoft Office caused by a use-after-free flaw. With a CVSSv3 score of 7.8 and rated “Exploitation Less Likely,” they can be exploited via social engineering by sending a malicious Office file. User interaction is required, but the Preview Pane also allows exploitation without opening the file.

CVE-2025-55680: Windows Cloud Files Mini Filter Driver
Elevation of Privilege Vulnerability. CVE-2025-55680 is an important (CVSSv3 7.8) elevation-of-privilege vulnerability in the Windows Cloud Files Mini Filter Driver. A local, authenticated attacker would need to win a race condition in order to exploit this vulnerability. Successful exploitation would allow the attacker to elevate to SYSTEM privileges. Microsoft assessed exploitability as “Exploitation More Likely.”

Update 23/10/2025

Exodus Intelligence has published a proof-of-concept (PoC) exploit for CVE-2025-55680 demonstrating that the vulnerability is real and likely to be exploited by malicious actors in the near future.

CVE-2025-49708: Microsoft Graphics Component
Elevation of Privilege Vulnerability. CVE-2025-49708 is a critical use-after-free vulnerability in the Microsoft Graphics Component with a CVSSv3 score of 9.8. It allows an authorized attacker to elevate privileges over a network, potentially gaining SYSTEM access. Exploitation involves accessing a local guest VM to attack the host OS. The CVSS scope change (S:C) indicates that compromising the host could impact other virtual machines on the same host, even if they are not directly vulnerable.

Windows 10 End of Support
As of October 14, Windows 10 has officially reached the end of support. This means Microsoft will no longer release security updates for Windows 10 unless the system is enrolled in the Extended Security Updates (ESU) program. In addition, support for the Long-Term Servicing Branch (LTSB) editions, including Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB, also ended on October 14.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

The Register - https://www.theregister.com/2025/10/14/microsoft_october_2025_patch_tuesday/
Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/
GBHackers - https://gbhackers.com/microsoft-patch-tuesday-october-2025/
Tenable - https://www.tenable.com/blog/microsofts-october-2025-patch-tuesday-addresses-167-cves-cve-2025-24990-cve-2025-59230
Qualys - https://blog.qualys.com/vulnerabilities-threat-research/2025/10/14/microsoft-patch-tuesday-october-2025-security-update-review