
5 Things MSPs Need to Know About the Latest Windows Zero-Day Exploits

Microsoft’s October 2025 Patch Tuesday was one of the biggest in recent memory — addressing 183 security flaws, including two zero-days actively exploited in the wild. The update also coincides with Microsoft’s end of support for Windows 10, except for systems enrolled in the Extended Security Updates (ESU) program.

For Managed Service Providers (MSPs), this month’s patch cycle is a loud reminder that legacy software risk is accelerating — and that even well-managed environments can harbor hidden vulnerabilities.

Here’s what MSPs need to understand and act on right now.


1️⃣ Two Zero-Days Are Already Being Exploited

The most concerning issues involve:

  • CVE-2025-24990 – A privilege escalation flaw in the Windows Agere Modem Driver (ltmdm64.sys)
  • CVE-2025-59230 – A privilege escalation flaw in Windows Remote Access Connection Manager (RasMan)

Both vulnerabilities can let attackers gain administrator-level access, enabling deep system control. The Agere driver flaw is especially troubling: the driver is built into every version of Windows ever released, whether or not the hardware is present.

Microsoft’s fix for Agere? Not a patch — a complete driver removal. MSPs should proactively check for and validate this removal across client endpoints.
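
One way to run that check on a single endpoint, shown as an added example that is not from the original post or from Microsoft. It assumes the driver, if present, sits in the standard Windows driver directory or Driver Store; the function name Test-AgereDriverRemoved is hypothetical.

```powershell
# Added example. Test-AgereDriverRemoved is a hypothetical helper name.
# Assumption: if present, ltmdm64.sys sits in the standard driver directory
# and/or is registered as a kernel driver service.
function Test-AgereDriverRemoved {
    [CmdletBinding()]
    param(
        [string]$DriverFile = 'ltmdm64.sys',
        [string]$SystemRoot = $env:SystemRoot
    )

    # 1. Driver binary in the live driver directory
    $livePath = Join-Path $SystemRoot "System32\drivers\$DriverFile"
    $file = Get-Item -LiteralPath $livePath -ErrorAction SilentlyContinue

    # 2. Kernel driver service that still points at the binary
    $svc = @(Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
        Where-Object { $_.PathName -like "*$DriverFile" })

    # 3. Staged copies in the Driver Store (reported for review, not loaded code)
    $store  = Join-Path $SystemRoot 'System32\DriverStore\FileRepository'
    $staged = @(Get-ChildItem -LiteralPath $store -Recurse -Filter $DriverFile -File -ErrorAction SilentlyContinue)

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OS            = $os.Caption
        Build         = $os.BuildNumber
        FilePresent   = [bool]$file
        FileVersion   = if ($file) { $file.VersionInfo.FileVersion } else { $null }
        ServiceNames  = ($svc.Name -join ',')
        ServiceStates = ($svc.State -join ',')
        StagedCopies  = $staged.Count
        # "Removed" = no live binary and no registered driver service
        Removed       = (-not $file) -and ($svc.Count -eq 0)
    }
}

$result = Test-AgereDriverRemoved
$result | Format-List

# Non-zero exit lets an RMM or Intune detection script flag the endpoint
if (-not $result.Removed) { exit 1 }
```

Endpoints that exit non-zero still carry the driver and should be checked for a missing October 2025 update; a non-zero StagedCopies count with Removed set to True is informational only.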
 

2️⃣ Windows 10’s End-of-Support Raises Urgency

Microsoft’s patch timing wasn’t accidental — the company officially ended free support for Windows 10 this month. That means any unpatched or unenrolled devices are effectively open targets for these exploits.

MSPs must ensure all clients are either:

  • Enrolled in the ESU program for ongoing security updates, or
  • Migrated to Windows 11 as soon as possible.

Failing to do so means leaving entire networks exposed to vulnerabilities that attackers are actively scanning for.


3️⃣ Secure Boot Bypass Extends the Risk Surface

Another exploited flaw (CVE-2025-47827) affects IGEL OS Secure Boot, allowing attackers with physical access to install kernel-level rootkits. While this requires local access, it underscores the growing sophistication of firmware and virtualization attacks that traditional antivirus tools can’t see.

MSPs managing remote workforces or mobile endpoints should double down on device control, endpoint detection, and zero-trust posture to mitigate “evil maid” style intrusions.


4️⃣ Virtualization and ASP.NET Flaws Could Break Isolation

Two vulnerabilities with 9.9 CVSS scores — one in Microsoft Graphics Component and another in ASP.NET — deserve immediate attention.

The Graphics Component flaw could allow a full virtual machine escape, enabling an attacker with minimal access to control all VMs on a host. Meanwhile, the ASP.NET issue lets attackers bypass authentication controls to deliver malicious payloads within legitimate requests.

For MSPs supporting cloud or virtualized environments, patching these immediately isn’t optional — it’s mission-critical.


5️⃣ Patch Fatigue Is Real — But So Is the Risk

With 183 total vulnerabilities, even disciplined MSPs face patch management fatigue. But this month’s mix of zero-days, kernel flaws, and privilege escalations demonstrates why automated patching, tiered remediation policies, and vulnerability prioritization frameworks are essential.

Tools like WSUS, Intune, or third-party RMMs should be configured to automatically deploy high-severity patches while maintaining rollback safety for client uptime.


💡 This month’s patch cycle is a wake-up call. Between zero-day exploits, end-of-life systems, and complex dependencies, MSPs need to lead with urgency and precision. Protecting clients now means not just patching fast — but communicating the business risk of delay in language every executive understands.

 
 
