Update Microsoft Windows Now — New 2 Week Security Deadline Confirmed

Microsoft has released a record-breaking number of security updates for its operating systems, including Windows and Server, as part of its monthly Patch Tuesday. This month, the company has addressed 196 Common Vulnerabilities and Exposures (CVEs), surpassing the previous highest monthly number of 161. Two of these vulnerabilities, CVE-2025-59230 and CVE-2025-24990, have been identified as particularly critical, prompting the Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to Federal Civilian Executive Branch agencies to update their systems within two weeks.

Understanding the Vulnerabilities

CVE-2025-59230 is an “Improper access control in Windows Remote Access Connection Manager” that allows an authorized attacker to elevate privileges locally. This vulnerability has already been exploited in the wild, making it a zero-day threat. According to Adam Barnett, lead software engineer at Rapid7, “Local elevation of privilege is always attractive to an attacker, since even if it doesn’t get them where they need to be, it can provide an important link in the chain.” The second vulnerability, CVE-2025-24990, is a zero-day threat in the third-party Agere Modem driver that ships natively with supported Windows operating systems.

Consequences of Not Updating

Ben McCarthy, lead cyber security engineer at Immersive, warns that the active exploitation of CVE-2025-24990 in the Agere Modem driver shows the security risks of maintaining legacy components within modern operating systems. “This driver, which supports hardware from the late 1990s and early 2000s, predates current secure development practices and has remained largely unchanged for years,” he notes. Failing to update systems to protect against these vulnerabilities can leave them exposed to cyberattacks, making it crucial for organizations to prioritize timely remediation.

CISA’s warning serves as a reminder of the importance of keeping software up to date, especially when it comes to critical vulnerabilities like these. Whether or not you are part of a Federal Civilian Executive Branch agency, it is essential to take immediate action to protect your systems and processes from potential cyber threats. By updating your Windows operating system and addressing these vulnerabilities, you can significantly reduce your exposure to cyberattacks and ensure the security of your data.