Microsoft: >> Windows 11 24h2 Security Vulnerabilities
Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-10-14
Use after free in Xbox allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-14
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-10-14
Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-10-14
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-10-14
Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-14
CVE-2025-24990
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
Known exploited
CVSS Score
7.8
EPSS Score
0.029
Published
2025-10-14
Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-14
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
CVSS Score
7.8
EPSS Score
0.001
Published
2025-10-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVSS Score
7.0
EPSS Score
0.0
Published
2025-09-18