Saturday, April 26, 2025
Follow us On Linkedin
HomeCyber Security NewsMicrosoft April 2025 Patch Tuesday: Fixing 121 Vulnerabilities, Including a Critical Zero-Day

Microsoft April 2025 Patch Tuesday: Fixing 121 Vulnerabilities, Including a Critical Zero-Day

Cyber Security NewsVulnerability

Published on

By Gurubaran
Microsoft April 2025 Patch Tuesday: 121 Vulnerabilities, Including a Zero-Day Actively Under Attack

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Microsoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across its software ecosystem.

This comprehensive update includes fixes for critical issues such as the elevation of privilege, remote code execution, and information disclosure vulnerabilities.

Among the patched flaws is a zero-day vulnerability actively exploited in the wild, underscoring the urgency for users and administrators to apply the updates promptly.

- Advertisement - Google News

Breakdown of Vulnerabilities

The 121 vulnerabilities span multiple categories, with several classified as critical due to their potential to compromise systems or disrupt operations. Below is a detailed breakdown:

  • Elevation of Privilege: 49 vulnerabilities
  • Remote Code Execution: 31 vulnerabilities
  • Information Disclosure: 16 vulnerabilities
  • Denial of Service: 14 vulnerabilities
  • Security Feature Bypass: 9 vulnerabilities
  • Spoofing: 1 vulnerability
  • Zero-Day Exploit: 1 vulnerability

The Zero-Day Vulnerability: CVE-2025-29824

The most concerning issue in this update is CVE-2025-29824, a zero-day vulnerability actively exploited prior to the release.

This elevation of privilege flaw resides in the Windows Common Log File System (CLFS) driver, which operates at a low level within the Windows kernel.

If successfully exploited, attackers can gain SYSTEM-level privileges, enabling them to execute arbitrary code, install malware, modify system settings, or access sensitive data.

Microsoft confirmed that attackers leveraging this vulnerability could escalate permissions beyond initial access levels. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company stated.

Critical Remote Code Execution Vulnerabilities

In addition to the zero-day exploit, several critical remote code execution vulnerabilities were patched. These include flaws in widely used components such as Microsoft Office, Windows Hyper-V, and Remote Desktop Services. Some notable CVEs include:

  • CVE-2025-26663: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
  • CVE-2025-27745: Microsoft Office Remote Code Execution Vulnerability
  • CVE-2025-27480: Windows Remote Desktop Services Remote Code Execution Vulnerability.

These vulnerabilities could allow attackers to execute malicious code remotely on unpatched systems, posing significant risks to organizations relying on these services.

The update also addresses several elevation of privilege vulnerabilities in components like NTFS, Kerberos, and Visual Studio Tools for Applications.

Denial-of-service flaws affecting HTTP.sys and Windows Standards-Based Storage Management Service were also patched.

Information disclosure vulnerabilities impacting Azure Local Cluster and Microsoft Dynamics Business Central were resolved.

Microsoft Patch Tuesday April 2025

CVE Number (Link)CVE TitleImpactMax Severity
CVE-2025-26663Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-26686Windows TCP/IP Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27745Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27748Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27749Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27752Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-29791Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-26670Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27480Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27482Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-27491Windows Hyper-V Remote Code Execution VulnerabilityRemote Code ExecutionCritical
CVE-2025-26664Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26665Windows upnphost.dll Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26666Windows Media Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-26669Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26667Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-26681Win32k Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26680Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-26687Win32k Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26688Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27471Microsoft Streaming Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27470Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27473HTTP.sys Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27472Windows Mark of the Web Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-27474Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-27476Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27475Windows Update Stack Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27477Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27478Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27479Kerberos Key Distribution Proxy Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27740Active Directory Certificate Services Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27741NTFS Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27744Microsoft Office Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27742NTFS Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-27746Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27747Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27743Microsoft System Center Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27751Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27750Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-29793Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-29792Microsoft Office Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29794Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-29821Microsoft Dynamics Business Central Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-29820Microsoft Word Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-29822Microsoft OneNote Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-29823Microsoft Excel Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-29824Windows Common Log File System Driver Elevation of Privilege Vulnerability (Zero-Day)Elevation of PrivilegeImportant
CVE-2025-24074Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-24073Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21174Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-21197Windows NTFS Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21191Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21205Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21203Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-21204Windows Process Activation Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-21221Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-21222Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-24058Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-25002Azure Local Cluster Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26628Azure Local Cluster Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26639Windows USB Print Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26635Windows Hello Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-26637BitLocker Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-26642Microsoft Office Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-26640Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26641Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-26644Windows Hello Spoofing VulnerabilitySpoofingImportant
CVE-2025-26648Windows Kernel Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26649Windows Secure Channel Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26647Windows Kerberos Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26651Windows Local Session Manager (LSM) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-26652Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-26671Windows Remote Desktop Services Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-26674Windows Media Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-26672Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26673Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-26675Windows Subsystem for Linux Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26676Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-26678Windows Defender Application Control Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-26679RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27467Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27469Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27485Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27484Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27481Windows Telephony Service Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27483NTFS Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27487Remote Desktop Client Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27489Azure Local Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27486Windows Standards-Based Storage Management Service Denial of Service VulnerabilityDenial of ServiceImportant
CVE-2025-27492Windows Secure Channel Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27490Windows Bluetooth Service Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27727Windows Installer Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27729Windows Shell Remote Code Execution VulnerabilityRemote Code ExecutionImportant
CVE-2025-27728Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27731Microsoft OpenSSH for Windows Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27730Windows Digital Media Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27732Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27733NTFS Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-27735Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-27736Windows Power Dependency Coordinator Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-27737Windows Security Zone Mapping Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-27738Windows Resilient File System (ReFS) Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-27739Windows Kernel Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29803Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29800Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29802Visual Studio Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29801Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29804Visual Studio Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29809Windows Kerberos Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-29808Windows Cryptographic Services Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-29805Outlook for Android Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-29810Active Directory Domain Services Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29812DirectX Graphics Kernel Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-29816Microsoft Word Security Feature Bypass VulnerabilitySecurity Feature BypassImportant
CVE-2025-29819Windows Admin Center in Azure Portal Information Disclosure VulnerabilityInformation DisclosureImportant
CVE-2025-29811Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-20570Visual Studio Code Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-24060Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-24062Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of PrivilegeImportant
CVE-2025-26682ASP.NET Core and Visual Studio Denial of Service VulnerabilityDenial of ServiceImportant

Microsoft strongly advises users and IT administrators to apply these updates immediately via Windows Update or enterprise management tools.

The presence of an actively exploited zero-day makes delaying updates particularly risky.

Organizations should prioritize patching systems vulnerable to remote code execution flaws and elevation of privilege exploits.

The April 2025 Patch Tuesday highlights the growing sophistication of cyber threats and the importance of proactive security measures.

With a zero-day vulnerability actively under attack and numerous critical flaws patched, this update serves as a reminder for organizations to maintain robust defenses against evolving threats.

By applying these patches promptly, users can protect their systems from exploitation and ensure continued security in an increasingly complex digital landscape.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CISO

How to Develop a Strong Security Culture – Advice for CISOs and CSOs

Developing a strong security culture is one of the most critical responsibilities for today’s...
cyber security

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...
Cyber Attack

“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power...
cyber security

Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users

Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing,"...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

cyber security

DragonForce and Anubis Ransomware Gangs Launch New Affiliate Programs

Secureworks Counter Threat Unit (CTU) researchers have uncovered innovative strategies deployed by the DragonForce...
Cyber Attack

“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed "Power...
cyber security

Threat Actors Register Over 26,000 Domains Imitating Brands to Deceive Users

Researchers from Unit 42 have uncovered a massive wave of SMS phishing, or "smishing,"...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved