Microsoft has announced the removal of the legacy Agere Modem driver (ltmdm64.sys) from Windows following the discovery of two elevation of privilege vulnerabilities that pose a significant risk to enterprise and home users alike.
Both flaws, tracked as CVE-2025-24052 and CVE-2025-24990, affect all supported versions of Windows and allow adversaries to gain administrator privileges without user interaction.
Understanding the Vulnerabilities
The first issue, CVE-2025-24052, is a stack-based buffer overflow in the Agere Modem driver. Rated “Important” with a CVSS 3.1 base score of 7.8, the flaw can be exploited locally by any low-privileged user, who could then execute arbitrary code in kernel mode, compromising confidentiality, integrity, and availability.
Microsoft classifies the exploit code maturity as proof-of-concept, indicating that weaponized code could appear soon.
- Attack Vector: Local
- Privileges Required: Low
- User Interaction: None
The second vulnerability, CVE-2025-24990, stems from an untrusted pointer dereference weakness. Also rated “Important” with a CVSS score of 7.8, this flaw has already seen exploitation in the wild, as reported by Microsoft’s threat intelligence team. Functional exploit code has been observed, elevating the urgency for mitigation.
- Exploitability Assessment: Exploitation Detected
- Exploit Code Maturity: Functional
Mitigation Through Driver Removal
Rather than issuing a traditional patch for each vulnerability, Microsoft’s October cumulative update completely removes the ltmdm64.sys driver from affected systems.
As a result, all fax modem hardware relying on the Agere Modem driver will cease to function. While mail and messaging over IP have largely supplanted analog modems, some industrial and legacy applications still depend on fax modems.
Organizations must therefore audit their environments for any remaining modem dependencies and either migrate to supported alternatives or implement workarounds where available.
Microsoft’s advisory explicitly recommends that customers eliminate any reliance on the deprecated hardware to avoid service disruptions.
- Action Required: Verify removal of ltmdm64.sys.
- Dependency Check: Identify legacy fax modem devices.
- Recommended Steps: Migrate or decommission affected hardware.
| Product / Version | Severity | Impact | KB Article(s) | Update Type(s) | Build Number(s) | Release Date |
|---|---|---|---|---|---|---|
| Windows Server 2012 R2 (Server Core) | Important | Elevation of Privilege | 5066873 | Monthly Rollup | 6.3.9600[.]22824 | Oct 14, 2025 |
| Windows Server 2012 R2 | Important | Elevation of Privilege | 5066873 | Monthly Rollup | 6.3.9600[.]22824 | Oct 14, 2025 |
| Windows Server 2012 (Server Core) | Important | Elevation of Privilege | 5066875 | Monthly Rollup | 6.2.9200[.]25722 | Oct 14, 2025 |
| Windows Server 2012 | Important | Elevation of Privilege | 5066875 | Monthly Rollup | 6.2.9200[.]25722 | Oct 14, 2025 |
| Windows Server 2008 R2 SP1 (Server Core) | Important | Elevation of Privilege | 5066872, 5066876 | Monthly Rollup, Security Only | 6.1.7601[.]27974 | Oct 14, 2025 |
| Windows Server 2008 R2 SP1 | Important | Elevation of Privilege | 5066872, 5066876 | Monthly Rollup, Security Only | 6.1.7601[.]27974 | Oct 14, 2025 |
| Windows Server 2008 SP2 (Server Core) | Important | Elevation of Privilege | 5066874, 5066877 | Monthly Rollup, Security Only | 6.0.6003[.]23571 | Oct 14, 2025 |
| Windows Server 2008 SP2 | Important | Elevation of Privilege | 5066874, 5066877 | Monthly Rollup, Security Only | 6.0.6003[.]23571 | Oct 14, 2025 |
| Windows Server 2016 (Server Core) | Important | Elevation of Privilege | 5066836 | Security Update | 10.0.14393[.]8519 | Oct 14, 2025 |
| Windows Server 2016 | Important | Elevation of Privilege | 5066836 | Security Update | 10.0.14393[.]8519 | Oct 14, 2025 |
| Windows 10 Version 1607 x64 | Important | Elevation of Privilege | 5066836 | Security Update | 10.0.14393[.]8519 | Oct 14, 2025 |
| Windows 10 x64 | Important | Elevation of Privilege | 5066837 | Security Update | 10.0.10240[.]21161 | Oct 14, 2025 |
| Windows Server 2025 | Important | Elevation of Privilege | 5066835 | Security Update | 10.0.26100[.]6899 | Oct 14, 2025 |
| Windows 11 Version 24H2 x64 | Important | Elevation of Privilege | 5066835 | Security Update | 10.0.26100[.]6899 | Oct 14, 2025 |
| Windows Server 2022 23H2 (Server Core) | Important | Elevation of Privilege | 5066780 | Security Update | 10.0.25398[.]1913 | Oct 14, 2025 |
| Windows 11 Version 23H2 x64 | Important | Elevation of Privilege | 5066793 | Security Update | 10.0.22631[.]6060 | Oct 14, 2025 |
| Windows Server 2025 (Server Core) | Important | Elevation of Privilege | 5066835 | Security Update | 10.0.26100[.]6899 | Oct 14, 2025 |
| Windows 10 Version 22H2 x64 | Important | Elevation of Privilege | 5066791 | Security Update | 10.0.19045[.]6456 | Oct 14, 2025 |
| Windows 11 Version 22H2 x64 | Important | Elevation of Privilege | 5066793 | Security Update | 10.0.22621[.]6060 | Oct 14, 2025 |
| Windows 10 Version 21H2 x64 | Important | Elevation of Privilege | 5066791 | Security Update | 10.0.19044[.]6456 | Oct 14, 2025 |
| Windows Server 2022 (Server Core) | Important | Elevation of Privilege | 5066782 | Security Update | 10.0.20348[.]4294 | Oct 14, 2025 |
| Windows Server 2022 | Important | Elevation of Privilege | 5066782 | Security Update | 10.0.20348[.]4294 | Oct 14, 2025 |
| Windows Server 2019 (Server Core) | Important | Elevation of Privilege | 5066586 | Security Update | 10.0.17763[.]7919 | Oct 14, 2025 |
| Windows Server 2019 | Important | Elevation of Privilege | 5066586 | Security Update | 10.0.17763[.]7919 | Oct 14, 2025 |
| Windows 10 Version 1809 x64 | Important | Elevation of Privilege | 5066586 | Security Update | 10.0.17763[.]7919 | Oct 14, 2025 |
| Windows 11 Version 25H2 x64 | Important | Elevation of Privilege | 5066835 | Security Update | 10.0.26200[.]6899 | Oct 14, 2025 |
Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates
 from Windows following the discovery of two elevation.){kind=link}