Microsoft April 2025 Patch Tuesday

    Published: 2025-04-08. Last Updated: 2025-04-08 18:40:41 UTC
    by Renato Marinho (Version: 1)

    This month, Microsoft has released patches addressing a total of 125 vulnerabilities. Among these, 11 are classified as critical, highlighting the potential for significant impact if exploited. Notably, one vulnerability is currently being exploited in the wild, underscoring the importance of timely updates. While no vulnerabilities were disclosed prior to this patch release, the comprehensive updates aim to fortify systems against a range of threats, including remote code execution and privilege escalation. Users are encouraged to apply these patches promptly to enhance their security posture.

    Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2025-29824)
    This is a zero-day vulnerability with a severity rating of Important and a CVSS score of 7.8, which is currently being exploited in the wild but has not been publicly disclosed. This vulnerability allows an attacker to elevate their privileges to SYSTEM level, posing a significant risk to affected systems. It specifically impacts Windows 10 for both x64-based and 32-bit systems. However, security updates to address this vulnerability are not yet available, and Microsoft plans to release them as soon as possible. Customers will be notified through a revision to the CVE information once the updates are ready.

    Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2025-26663)
    This critical vulnerability, CVE-2025-26663, has not been exploited in the wild nor disclosed publicly, so it is not a zero-day. It carries a CVSS score of 8.1, reflecting its potential impact of remote code execution. The vulnerability arises from a race condition that an unauthenticated attacker could exploit by sending specially crafted requests to a vulnerable LDAP server, leading to a use-after-free. Although the attack complexity is high, requiring the attacker to win the race, the severity of the potential impact underscores the critical nature of this vulnerability. Currently, security updates for Windows 10 systems are not immediately available, but they will be released as soon as possible, with notifications provided via a revision to the CVE information.

    Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability (CVE-2025-26670)
    This critical vulnerability, identified as CVE-2025-26670, has not been exploited in the wild nor disclosed publicly. It carries a CVSS score of 8.1, indicating a significant risk of remote code execution. The vulnerability arises from a race condition that can be exploited by an unauthenticated attacker sending specially crafted requests to a vulnerable LDAP server, potentially resulting in a use-after-free condition. This could be leveraged to execute arbitrary code remotely. Despite the high attack complexity (AC:H), the potential impact is severe. Currently, security updates for Windows 10 systems are not available, but Microsoft plans to release them as soon as possible, with notifications provided through a revision to the CVE information.

    Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2025-27480)
    This is a critical vulnerability with a CVSS score of 8.1, which has not been exploited in the wild nor publicly disclosed as a zero-day. This vulnerability allows for remote code execution by an attacker who connects to a system with the Remote Desktop Gateway role. The attack involves triggering a race condition to create a use-after-free scenario, which can then be leveraged to execute arbitrary code. Despite its critical severity, the attack complexity is high, requiring the attacker to successfully win a race condition to exploit the vulnerability.

    Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2025-27482)
    This is a critical vulnerability with a CVSS score of 8.1, which has not been exploited in the wild nor disclosed publicly, so it is not a zero-day. It allows remote code execution, posing a significant risk to systems with the Remote Desktop Gateway role. Exploitation requires the attacker to succeed in a high-complexity attack scenario, specifically winning a race condition that leads to a use-after-free, which can then be leveraged to execute arbitrary code. Organizations are advised to implement robust security measures and monitor for suspicious activity to mitigate the risks associated with this vulnerability.

    This summary highlights key vulnerabilities from Microsoft's monthly updates, focusing on those posing significant risks. The Windows Common Log File System Driver vulnerability (CVE-2025-29824) is a zero-day threat actively exploited, allowing attackers to gain SYSTEM-level privileges. Users should prioritize monitoring and applying updates once available. Other critical vulnerabilities, such as those affecting LDAP and Remote Desktop Services, involve complex attack scenarios but pose severe risks due to potential remote code execution. Microsoft Office and Excel vulnerabilities also present significant threats, often requiring user interaction through social engineering tactics. Users are advised to remain vigilant and apply security updates promptly upon release to mitigate these risks.


    Description (each vulnerability title is followed by its CVE rows)
    Columns of each CVE row: CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
    ASP.NET Core and Visual Studio Denial of Service Vulnerability
    CVE-2025-26682 No No - - Important 7.5 6.5
    Active Directory Certificate Services Elevation of Privilege Vulnerability
    CVE-2025-27740 No No - - Important 8.8 7.7
    Active Directory Domain Services Elevation of Privilege Vulnerability
    CVE-2025-29810 No No - - Important 7.5 6.5
    Azure Local Cluster Information Disclosure Vulnerability
    CVE-2025-25002 No No - - Important 6.8 5.9
    CVE-2025-26628 No No - - Important 7.3 6.4
    Azure Local Elevation of Privilege Vulnerability
    CVE-2025-27489 No No - - Important 7.8 6.8
    BitLocker Security Feature Bypass Vulnerability
    CVE-2025-26637 No No - - Important 6.8 5.9
    DirectX Graphics Kernel Elevation of Privilege Vulnerability
    CVE-2025-29812 No No - - Important 7.8 6.8
    HTTP.sys Denial of Service Vulnerability
    CVE-2025-27473 No No - - Important 7.5 6.5
    Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
    CVE-2025-27479 No No - - Important 7.5 6.5
    Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
    CVE-2025-26670 No No - - Critical 8.1 7.1
    Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
    CVE-2025-29800 No No - - Important 7.8 6.8
    CVE-2025-29801 No No - - Important 7.8 6.8
    Microsoft DWM Core Library Elevation of Privilege Vulnerability
    CVE-2025-24074 No No - - Important 7.8 6.8
    CVE-2025-24073 No No - - Important 7.8 6.8
    CVE-2025-24060 No No - - Important 7.8 6.8
    CVE-2025-24062 No No - - Important 7.8 6.8
    Microsoft Dynamics Business Central Information Disclosure Vulnerability
    CVE-2025-29821 No No - - Important 5.5 4.8
    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
    CVE-2025-25000 No No Less Likely Less Likely Important 8.8 7.7
    CVE-2025-29815 No No Less Likely Less Likely Important 7.6 6.6
    Microsoft Edge for iOS Spoofing Vulnerability
    CVE-2025-29796 No No Less Likely Less Likely Low 4.7 4.2
    CVE-2025-25001 No No Less Likely Less Likely Low 4.3 3.8
    Microsoft Excel Remote Code Execution Vulnerability
    CVE-2025-27751 No No - - Important 7.8 6.8
    CVE-2025-27752 No No - - Critical 7.8 6.8
    CVE-2025-27750 No No - - Important 7.8 6.8
    CVE-2025-29791 No No - - Critical 7.8 6.8
    CVE-2025-29823 No No - - Important 7.8 6.8
    Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
    CVE-2025-26641 No No - - Important 7.5 6.5
    Microsoft Office Elevation of Privilege Vulnerability
    CVE-2025-27744 No No - - Important 7.8 6.8
    CVE-2025-29792 No No - - Important 7.3 6.4
    Microsoft Office Remote Code Execution Vulnerability
    CVE-2025-27745 No No - - Critical 7.8 6.8
    CVE-2025-27746 No No - - Important 7.8 6.8
    CVE-2025-27748 No No - - Critical 7.8 6.8
    CVE-2025-27749 No No - - Critical 7.8 6.8
    CVE-2025-26642 No No - - Important 7.8 6.8
    Microsoft OneNote Security Feature Bypass Vulnerability
    CVE-2025-29822 No No - - Important 7.8 6.8
    Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability
    CVE-2025-27731 No No - - Important 7.8 6.8
    Microsoft SharePoint Remote Code Execution Vulnerability
    CVE-2025-29793 No No - - Important 7.2 6.3
    CVE-2025-29794 No No - - Important 8.8 7.7
    Microsoft Streaming Service Denial of Service Vulnerability
    CVE-2025-27471 No No - - Important 5.9 5.2
    Microsoft System Center Elevation of Privilege Vulnerability
    CVE-2025-27743 No No - - Important 7.8 6.8
    Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
    CVE-2025-26688 No No - - Important 7.8 6.8
    Microsoft Word Remote Code Execution Vulnerability
    CVE-2025-27747 No No - - Important 7.8 6.8
    CVE-2025-29820 No No - - Important 7.8 6.8
    Microsoft Word Security Feature Bypass Vulnerability
    CVE-2025-29816 No No - - Important 7.5 6.5
    NTFS Elevation of Privilege Vulnerability
    CVE-2025-27741 No No - - Important 7.8 6.8
    CVE-2025-27483 No No - - Important 7.8 6.8
    CVE-2025-27733 No No - - Important 7.8 6.8
    NTFS Information Disclosure Vulnerability
    CVE-2025-27742 No No - - Important 5.5 4.8
    Outlook for Android Information Disclosure Vulnerability
    CVE-2025-29805 No No - - Important 7.5 6.5
    RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
    CVE-2025-26679 No No - - Important 7.8 6.8
    Remote Desktop Client Remote Code Execution Vulnerability
    CVE-2025-27487 No No - - Important 8.0 7.0
    Visual Studio Code Elevation of Privilege Vulnerability
    CVE-2025-20570 No No - - Important 6.8 5.9
    Visual Studio Elevation of Privilege Vulnerability
    CVE-2025-29802 No No - - Important 7.3 6.4
    CVE-2025-29804 No No - - Important 7.3 6.4
    Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
    CVE-2025-29803 No No - - Important 7.3 6.4
    Win32k Elevation of Privilege Vulnerability
    CVE-2025-26681 No No - - Important 6.7 6.0
    CVE-2025-26687 No No - - Important 7.5 6.5
    Windows Admin Center in Azure Portal Information Disclosure Vulnerability
    CVE-2025-29819 No No - - Important 6.2 5.4
    Windows Bluetooth Service Elevation of Privilege Vulnerability
    CVE-2025-27490 No No - - Important 7.8 6.8
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2025-29824 No Yes - - Important 7.8 7.2
    Windows Cryptographic Services Information Disclosure Vulnerability
    CVE-2025-29808 No No - - Important 5.5 4.8
    Windows DWM Core Library Elevation of Privilege Vulnerability
    CVE-2025-24058 No No - - Important 7.8 6.8
    Windows Defender Application Control Security Feature Bypass Vulnerability
    CVE-2025-26678 No No - - Important 8.4 7.3
    Windows Digital Media Elevation of Privilege Vulnerability
    CVE-2025-27476 No No - - Important 7.8 6.8
    CVE-2025-26640 No No - - Important 7.0 6.1
    CVE-2025-27467 No No - - Important 7.8 6.8
    CVE-2025-27730 No No - - Important 7.8 6.8
    Windows Graphics Component Elevation of Privilege Vulnerability
    CVE-2025-27732 No No - - Important 7.0 6.1
    Windows Hello Security Feature Bypass Vulnerability
    CVE-2025-26635 No No - - Important 6.5 5.7
    Windows Hello Spoofing Vulnerability
    CVE-2025-26644 No No - - Important 5.1 4.5
    Windows Hyper-V Remote Code Execution Vulnerability
    CVE-2025-27491 No No - - Critical 7.1 6.2
    Windows Installer Elevation of Privilege Vulnerability
    CVE-2025-27727 No No - - Important 7.8 6.8
    Windows Kerberos Elevation of Privilege Vulnerability
    CVE-2025-26647 No No - - Important 8.1 7.1
    Windows Kerberos Security Feature Bypass Vulnerability
    CVE-2025-29809 No No - - Important 7.1 6.5
    Windows Kernel Elevation of Privilege Vulnerability
    CVE-2025-26648 No No - - Important 7.8 6.8
    CVE-2025-27739 No No - - Important 7.8 6.8
    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
    CVE-2025-27728 No No - - Important 7.8 6.8
    Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
    CVE-2025-26673 No No - - Important 7.5 6.5
    CVE-2025-27469 No No - - Important 7.5 6.5
    Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
    CVE-2025-26663 No No - - Critical 8.1 7.1
    Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
    CVE-2025-27478 No No - - Important 7.0 6.1
    CVE-2025-21191 No No - - Important 7.0 6.1
    Windows Local Session Manager (LSM) Denial of Service Vulnerability
    CVE-2025-26651 No No - - Important 6.5 5.7
    Windows Mark of the Web Security Feature Bypass Vulnerability
    CVE-2025-27472 No No - - Important 5.4 4.7
    Windows Media Remote Code Execution Vulnerability
    CVE-2025-26666 No No - - Important 7.8 6.8
    CVE-2025-26674 No No - - Important 7.8 6.8
    Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
    CVE-2025-29811 No No - - Important 7.8 6.8
    Windows NTFS Information Disclosure Vulnerability
    CVE-2025-21197 No No - - Important 6.5 5.7
    Windows Power Dependency Coordinator Information Disclosure Vulnerability
    CVE-2025-27736 No No - - Important 5.5 4.8
    Windows Process Activation Elevation of Privilege Vulnerability
    CVE-2025-21204 No No - - Important 7.8 6.8
    Windows Remote Desktop Services Remote Code Execution Vulnerability
    CVE-2025-26671 No No - - Important 8.1 7.1
    CVE-2025-27480 No No - - Critical 8.1 7.1
    CVE-2025-27482 No No - - Critical 8.1 7.1
    Windows Resilient File System (ReFS) Information Disclosure Vulnerability
    CVE-2025-27738 No No - - Important 6.5 5.7
    Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
    CVE-2025-26664 No No - - Important 6.5 5.7
    CVE-2025-26669 No No - - Important 8.8 7.7
    CVE-2025-26667 No No - - Important 6.5 5.7
    CVE-2025-27474 No No - - Important 6.5 5.7
    CVE-2025-21203 No No - - Important 6.5 5.7
    CVE-2025-26672 No No - - Important 6.5 5.7
    CVE-2025-26676 No No - - Important 6.5 5.7
    Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
    CVE-2025-26668 No No - - Important 7.5 6.5
    Windows Secure Channel Elevation of Privilege Vulnerability
    CVE-2025-26649 No No - - Important 7.0 6.1
    CVE-2025-27492 No No - - Important 7.0 6.1
    Windows Security Zone Mapping Security Feature Bypass Vulnerability
    CVE-2025-27737 No No - - Important 8.6 7.5
    Windows Shell Remote Code Execution Vulnerability
    CVE-2025-27729 No No - - Important 7.8 6.8
    Windows Standards-Based Storage Management Service Denial of Service Vulnerability
    CVE-2025-26680 No No - - Important 7.5 6.5
    CVE-2025-27470 No No - - Important 7.5 6.5
    CVE-2025-21174 No No - - Important 7.5 6.5
    CVE-2025-26652 No No - - Important 7.5 6.5
    CVE-2025-27485 No No - - Important 7.5 6.5
    CVE-2025-27486 No No - - Important 7.5 6.5
    Windows Subsystem for Linux Elevation of Privilege Vulnerability
    CVE-2025-26675 No No - - Important 7.8 6.8
    Windows TCP/IP Remote Code Execution Vulnerability
    CVE-2025-26686 No No - - Critical 7.5 6.5
    Windows Telephony Service Remote Code Execution Vulnerability
    CVE-2025-27477 No No - - Important 8.8 7.7
    CVE-2025-21205 No No - - Important 8.8 7.7
    CVE-2025-21221 No No - - Important 8.8 7.7
    CVE-2025-21222 No No - - Important 8.8 7.7
    CVE-2025-27481 No No - - Important 8.8 7.7
    Windows USB Print Driver Elevation of Privilege Vulnerability
    CVE-2025-26639 No No - - Important 7.8 6.8
    Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
    CVE-2025-27484 No No - - Important 7.5 6.5
    Windows Update Stack Elevation of Privilege Vulnerability
    CVE-2025-27475 No No - - Important 7.0 6.1
    Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
    CVE-2025-27735 No No - - Important 6.0 5.2
    Windows upnphost.dll Elevation of Privilege Vulnerability
    CVE-2025-26665 No No - - Important 7.0 6.1
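    The table above is easiest to act on when sorted by what is already exploited, then by severity and base score. The following parser and prioritizer is an added example, not part of the diary; it reads the diary's flattened layout (a title line followed by CVE rows) and uses a constructed four-row excerpt copied from the table above as its sample input.

```python
import re
from dataclasses import dataclass

# Constructed excerpt in the diary's own layout: a title line, then CVE rows with the
# columns CVE Disclosed Exploited Exploitability(old) Exploitability(current) Severity Base Temporal
SAMPLE_TABLE = """\
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-29824 No Yes - - Important 7.8 7.2
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2025-26663 No No - - Critical 8.1 7.1
Microsoft Edge for iOS Spoofing Vulnerability
CVE-2025-29796 No No Less Likely Less Likely Low 4.7 4.2
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-26671 No No - - Important 8.1 7.1
"""

# The two exploitability columns may be "-" or multi-word ("Less Likely"), so they are
# captured non-greedily as one group and the severity keyword anchors the tail of the row.
ROW_RE = re.compile(
    r"^(CVE-\d{4}-\d{4,})\s+(Yes|No)\s+(Yes|No)\s+(.+?)\s+"
    r"(Critical|Important|Moderate|Low)\s+([\d.]+)\s+([\d.]+)$"
)
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

@dataclass
class Entry:
    description: str
    cve: str
    disclosed: bool
    exploited: bool
    severity: str
    base: float
    temporal: float

def parse_table(text):
    """Return one Entry per CVE row; a non-row line becomes the title of the rows after it."""
    entries, description = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            description = line
            continue
        cve, disclosed, exploited, _exploitability, severity, base, temporal = m.groups()
        entries.append(Entry(description, cve, disclosed == "Yes", exploited == "Yes",
                             severity, float(base), float(temporal)))
    return entries

def prioritize(entries):
    """Exploited in the wild first, then publicly disclosed, then severity, then higher base score."""
    return sorted(entries, key=lambda e: (not e.exploited, not e.disclosed,
                                          SEVERITY_RANK[e.severity], -e.base))

def summarize(entries):
    """Headline counts of the kind the diary reports (total, critical, exploited, disclosed)."""
    return {"total": len(entries),
            "critical": sum(e.severity == "Critical" for e in entries),
            "exploited": sum(e.exploited for e in entries),
            "disclosed": sum(e.disclosed for e in entries)}
```

Feeding the full table from this diary through `parse_table` and `summarize` should reproduce the 125 total and 11 critical entries stated in the opening paragraph.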

    --

    Renato Marinho