Yesterday’s Krebs on Security post about the January 2026 Microsoft updates included a very interesting paragraph:
““That’s not a typo; this vulnerability [CVE-2023-31096] was originally published via MITRE over two years ago, along with a credible public writeup by the original researcher,” Barnett [at Rapid7] said. “Today’s Windows patches remove agrsm64.sys and agrsm.sys. All three modem drivers were originally developed by the same now-defunct third party, and have been included in Windows for decades. These driver removals will pass unnoticed for most people, but you might find active modems still in a few contexts, including some industrial control systems [emphasis added].””
It will be interesting to see how quickly this starts
getting addressed in control system advisories as a third-party vulnerability,
especially since there is a publicly
available exploit for the vulnerability. Of course, the removal of the
driver from patched Windows systems will be of more immediate concern if a
modem using the driver is being run on that system. Of course, this is why you
would test updates before running them in a live control system.
Posts
