this post was submitted on 15 Oct 2025

434 points (99.3% liked)

Technology

76089 readers

2408 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

434

Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped (thehackernews.com)

submitted 1 day ago by Delta_V@lemmy.world to c/technology@lemmy.world

50 comments fedilink hide all child comments

..."The vulnerable driver ships with every version of Windows, up to and including Server 2025," Adam Barnett, lead software engineer at Rapid7, said. "Maybe your fax modem uses a different chipset, and so you don't need the Agere driver? Perhaps you've simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator."...

you are viewing a single comment's thread
view the rest of the comments

[–] paraphrand@lemmy.world 65 points 1 day ago* (last edited 1 day ago) (5 children)

It’s interesting that this supposedly goes back to Windows 3.1 and the original release…

[–] 87Six@lemmy.zip 10 points 9 hours ago

Ah yes the 0-decade vulnerability...

Boi will I miss the ever-encompasing shield of Microsoft when my Windows 10 stops receiving updates...

[–] EndlessNightmare@reddthat.com 22 points 1 day ago

I was curious about the "every version ever shipped."

This gets really old school.

[–] SnotFlickerman@lemmy.blahaj.zone 53 points 1 day ago* (last edited 1 day ago) (3 children)

Other articles make more clear why that is.

https://cyberpress.org/windows-agere-modem-driver-0-day-flaws/

Rather than issuing a traditional patch for each vulnerability, Microsoft’s October cumulative update completely removes the ltmdm64.sys driver from affected systems.

As a result, all fax modem hardware relying on the Agere Modem driver will cease to function. While mail and messaging over IP have largely supplanted analog modems, some industrial and legacy applications still depend on fax modems.

Organizations must therefore audit their environments for any remaining modem dependencies and either migrate to supported alternatives or implement workarounds where available.

Microsoft’s advisory explicitly recommends that customers eliminate any reliance on the deprecated hardware to avoid service disruptions.

So maybe not all the way back to the original release, but back to the first release that included this specific telephony modem driver, ltmdm64.sys. If I recall correctly, Windows 3.1 brought networking capabilities.

However, another article claims it has only been shipped with every version of Windows since 2006.

https://www.thestack.technology/windows-users-hacked-due-to-legacy-fax-modem-driver/

CVE-2025-24990 was credited to a security researcher going by the handle @shitsecure who told The Stack by DM “it’s a driver from 2006, never changed… I think it was historically shipped with everything, although that doesn’t make sense at all.”

Which honestly makes a lot more sense, since the "64" part of the driver name implies it's for 64 bit systems, which were first introduced in 2003.

Some more extraneous info on this driver/hardware:

https://www.sysnative.com/forums/drivers/1216/driver

https://theretroweb.com/chips/10725

https://en.wikipedia.org/wiki/Agere_Systems

[–] muusemuuse@sh.itjust.works 4 points 7 hours ago (1 children)

That’s still a lot of people that use that damn driver. I know at least in medical billing there’s always someone still using a damn fax machine. Almost every claim passes through fax technology at some point, although more and more of it is being emulated.

Where I work, it’s used mostly by emergency rooms that don’t want to use anything else.

This is not an environment where you want an exploit.

[–] GaryGhost@lemmy.world 1 points 4 hours ago

Time to move that paper hybrid system to a full EHR.

[–] floquant@lemmy.dbzer0.com 2 points 8 hours ago

Are there any figures for how widespread that Agere chip is? I wonder if any German companies are going to be bit in the aas by this lol

[–] paraphrand@lemmy.world 8 points 1 day ago* (last edited 1 day ago) (1 children)

Thanks for the details!

I wonder how often they clean stuff up like this. That crossed my mind earlier, I’m sure there is a bunch of “dormant” software that could be cleaned out or made optional in some way.

But the making it optional idea is easier said than done. Especially from a standpoint of discoverability and usability.

[–] SnotFlickerman@lemmy.blahaj.zone 6 points 1 day ago* (last edited 1 day ago) (1 children)

Right, it was referenced in one of the articles that a bunch of legacy industrial machines likely still use this hardware, so the people using those old machines are probably going to have to go dig up PCI modems from that era without the Agere/Lucent chipset.

I'm sure you're right and there's lots of stuff they've missed like this over the years that they sort of kept on for compatibility but that opens exploits due to how old they are.

[+] adespoton@lemmy.ca -7 points 1 day ago (1 children)

People using that legacy hardware generally can’t run Windows 10, which just ended support this month. The patch is only for Windows 11, which won’t run on older hardware.

[–] SnotFlickerman@lemmy.blahaj.zone 17 points 1 day ago* (last edited 1 day ago) (1 children)

The patch is for Windows 10, Windows 11, and Server 2008 up to Server 2025.

Further, there's companies that make custom-built modern machines that support classic PCI and modern operating systems and classic operating systems.

It's conceivable that legacy systems are using modern OSes with virtualization running a legacy OS and legacy PCI cards, for example. It's not beyond the realm of possibility.

https://nixsys.com/legacy-computers/pci-slot-computers

[–] mic_check_one_two@lemmy.dbzer0.com 3 points 9 hours ago

Further, there's companies that make custom-built modern machines that support classic PCI and modern operating systems and classic operating systems.

Yeah, some extremely expensive equipment at my job runs on Adobe Flash. Modern machines won’t even allow Flash to run because it’s so insecure. We just updated the control PC for that equipment last year; It’s a computer that is dual-booting Windows 11 and Windows XP. It boots into WinXP by default, to be able to run Flash. Then if you ever need to update it, you can swap over to Win11 to be able to connect to the internet.

[–] Agent641@lemmy.world 14 points 1 day ago

Personally I blame Dave Plummer.

[–] Delta_V@lemmy.world 5 points 1 day ago (1 children)

makes you wonder if/how/by who its been used all these years

[–] deathbird@mander.xyz 5 points 1 day ago

I expect it's stuff like ATMs, Coinstar machines. Things that may need to phone home regularly but don't need to sit online constantly.