this post was submitted on 15 Oct 2025
418 points (99.3% liked)

Technology

76089 readers
2850 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
418
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped (thehackernews.com)
submitted 1 day ago by Delta_V@lemmy.world to c/technology@lemmy.world
50 comments fedilink hide all child comments
 

..."The vulnerable driver ships with every version of Windows, up to and including Server 2025," Adam Barnett, lead software engineer at Rapid7, said. "Maybe your fax modem uses a different chipset, and so you don't need the Agere driver? Perhaps you've simply discovered email? Tough luck. Your PC is still vulnerable, and a local attacker with a minimally privileged account can elevate to administrator."...

you are viewing a single comment's thread
view the rest of the comments
[–] SnotFlickerman@lemmy.blahaj.zone 53 points 22 hours ago* (last edited 22 hours ago) (3 children)

Other articles make more clear why that is.

https://cyberpress.org/windows-agere-modem-driver-0-day-flaws/

Rather than issuing a traditional patch for each vulnerability, Microsoft’s October cumulative update completely removes the ltmdm64.sys driver from affected systems.

As a result, all fax modem hardware relying on the Agere Modem driver will cease to function. While mail and messaging over IP have largely supplanted analog modems, some industrial and legacy applications still depend on fax modems.

Organizations must therefore audit their environments for any remaining modem dependencies and either migrate to supported alternatives or implement workarounds where available.

Microsoft’s advisory explicitly recommends that customers eliminate any reliance on the deprecated hardware to avoid service disruptions.

So maybe not all the way back to the original release, but back to the first release that included this specific telephony modem driver, ltmdm64.sys. If I recall correctly, Windows 3.1 brought networking capabilities.

However, another article claims it has only been shipped with every version of Windows since 2006.

https://www.thestack.technology/windows-users-hacked-due-to-legacy-fax-modem-driver/

CVE-2025-24990 was credited to a security researcher going by the handle @shitsecure who told The Stack by DM “it’s a driver from 2006, never changed… I think it was historically shipped with everything, although that doesn’t make sense at all.”

Which honestly makes a lot more sense, since the "64" part of the driver name implies it's for 64 bit systems, which were first introduced in 2003.

Some more extraneous info on this driver/hardware:

https://www.sysnative.com/forums/drivers/1216/driver

https://theretroweb.com/chips/10725

https://en.wikipedia.org/wiki/Agere_Systems

[–] muusemuuse@sh.itjust.works 2 points 1 hour ago

That’s still a lot of people that use that damn driver. I know at least in medical billing there’s always someone still using a damn fax machine. Almost every claim passes through fax technology at some point, although more and more of it is being emulated.

Where I work, it’s used mostly by emergency rooms that don’t want to use anything else.

This is not an environment where you want an exploit.

[–] floquant@lemmy.dbzer0.com 2 points 2 hours ago

Are there any figures for how widespread that Agere chip is? I wonder if any German companies are going to be bit in the aas by this lol

[–] paraphrand@lemmy.world 8 points 22 hours ago* (last edited 22 hours ago) (1 children)

Thanks for the details!

I wonder how often they clean stuff up like this. That crossed my mind earlier, I’m sure there is a bunch of “dormant” software that could be cleaned out or made optional in some way.

But the making it optional idea is easier said than done. Especially from a standpoint of discoverability and usability.

[–] SnotFlickerman@lemmy.blahaj.zone 5 points 22 hours ago* (last edited 22 hours ago) (1 children)

Right, it was referenced in one of the articles that a bunch of legacy industrial machines likely still use this hardware, so the people using those old machines are probably going to have to go dig up PCI modems from that era without the Agere/Lucent chipset.

I'm sure you're right and there's lots of stuff they've missed like this over the years that they sort of kept on for compatibility but that opens exploits due to how old they are.