CVE-2025-24990

Name of the Vulnerable Software and Affected Versions Agere Modem driver (affected versions not specified)

Description An untrusted pointer dereference issue exists in the Agere Modem driver ltmdm64.sys natively shipped with supported Windows operating systems. The flaw occurs because certain IOCTL handlers use METHOD NEITHER and fail to verify whether a pointer is a user-mode or kernel-mode address, allowing arbitrary addresses to be passed into kernel space. This can lead to local privilege escalation to SYSTEM, arbitrary code execution in the kernel, and the bypassing of OS protections and EDR/AV software. Exploitation involves opening a handle to the device via CreateFile(".ltmdm64", ...) and using specially crafted user buffers to achieve arbitrary read and write primitives in the kernel. Real-world exploitation of this issue has been recorded.

Recommendations Remove any existing dependencies on the fax modem hardware dependent on the ltmdm64.sys driver. Apply the October cumulative update to remove the ltmdm64.sys driver from the system.