That Fax machine you’ve got – It’s letting hackers target you!

What fax machine?

Nobody uses fax machines anymore – do they?

Well, outside of the medical, banking, legal, insurance, and real estate industries, few people have much need to fax things – most things can simply be emailed, or messaged via an app such as WhatsApp.

However…

Microsoft Windows still includes a Fax service as part of its operating system – it’s been there quietly waiting for somebody to use it since as far back as Windows 2000.

The utility is known as Windows Fax Services, and the application used to access it is known as Windows Fax and Scan.

The service uses a driver called ltmdm64.sys which resides in the \System32\DriverStore\FileRepository directory.

This driver is the focus of the vulnerability tracked as CVE-2025-24990, which carries a CVSS score of 7.8 (High).

The vulnerable driver has been known to be used in exploits that give threat actors the ability to access systems remotely – it is included in the CISA Known Exploited Vulnerabilities database.

If successful, an attacker could gain administrator privileges on the machine.

Now, because this driver is an integral part of Windows, no antivirus will pick it up, so it really is not known how long this vulnerability has been exploited in the wild. The vulnerability itself was only identified to Microsoft in October this year, so it could have been used for attacks for the last 19-odd years – we will never know.

Now that Microsoft do know about it, they have chosen to simply delete the driver from PCs in their latest update. They are not going to fix the driver as they don’t believe anyone uses it – so fingers crossed nobody does use it, or they will find they cannot send faxes anymore after the update.

The “fix” has been pushed out in the October cumulative update, so you need to check that you have downloaded and applied the update to remove the vulnerability from your machine.
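
One way to confirm the driver is really gone after updating, as an added example (not from the original article or from Microsoft): this PowerShell script looks for ltmdm64.sys in the DriverStore folder named above and reports any copy it finds. The extra System32\drivers search root and the driver-service lookup are assumptions added for completeness; run it from an elevated prompt.

```powershell
# Added example: report any remaining copies of ltmdm64.sys on this machine.
# Run elevated so every DriverStore subfolder is readable.
$driverName = 'ltmdm64.sys'

# First root is the location named in the article; the second is an
# assumption (the live drivers folder), checked for completeness.
$searchRoots = @(
    (Join-Path $env:SystemRoot 'System32\DriverStore\FileRepository'),
    (Join-Path $env:SystemRoot 'System32\drivers')
)

function Find-DriverFile {
    param([string[]]$Roots, [string]$Name)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path        = $_.FullName
                    FileVersion = $_.VersionInfo.FileVersion
                    LastWrite   = $_.LastWriteTime
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

function Find-DriverService {
    param([string]$Name)
    # Kernel driver services whose image path ends in the driver file name.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -like "*$Name" } |
        Select-Object Name, State, StartMode, PathName
}

$files    = @(Find-DriverFile -Roots $searchRoots -Name $driverName)
$services = @(Find-DriverService -Name $driverName)

if ($files.Count -eq 0 -and $services.Count -eq 0) {
    Write-Output "$driverName not found in the checked locations."
} else {
    Write-Output "$driverName is still present; the update may not be applied yet:"
    $files    | Format-List
    $services | Format-List
}
```

If the script still lists the file, install the pending cumulative update, reboot, and run it again.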