Microsoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across its software ecosystem.
This comprehensive update includes fixes for critical issues such as elevation of privilege, remote code execution, and information disclosure vulnerabilities.
Among the patched flaws is a zero-day vulnerability actively exploited in the wild, underscoring the urgency for users and administrators to apply the updates promptly.
The 121 vulnerabilities span multiple categories, with several classified as critical due to their potential to compromise systems or disrupt operations. Below is a detailed breakdown:
The most concerning issue in this update is CVE-2025-29824, a zero-day vulnerability actively exploited prior to the release.
This elevation of privilege flaw resides in the Windows Common Log File System (CLFS) driver, which operates at a low level within the Windows kernel.
If successfully exploited, attackers can gain SYSTEM-level privileges, enabling them to execute arbitrary code, install malware, modify system settings, or access sensitive data.
Microsoft confirmed that attackers leveraging this vulnerability could escalate permissions beyond initial access levels. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” the company stated.
In addition to the zero-day exploit, several critical remote code execution vulnerabilities were patched. These include flaws in widely used components such as Microsoft Office, Windows Hyper-V, and Remote Desktop Services. Some notable CVEs include:
These vulnerabilities could allow attackers to execute malicious code remotely on unpatched systems, posing significant risks to organizations relying on these services.
The update also addresses several elevation of privilege vulnerabilities in components like NTFS, Kerberos, and Visual Studio Tools for Applications.
Denial-of-service flaws affecting HTTP.sys and Windows Standards-Based Storage Management Service were also patched.
Information disclosure vulnerabilities impacting Azure Local Cluster and Microsoft Dynamics Business Central were resolved.
CVE Number | CVE Title | Impact | Max Severity |
---|---|---|---|
CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | Critical |
CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27742 | NTFS Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability (Zero-Day) | Elevation of Privilege | Important |
CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-26644 | Windows Hello Spoofing Vulnerability | Spoofing | Important |
CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | Important |
CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | Remote Code Execution | Important |
CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability | Information Disclosure | Important |
CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Denial of Service | Important |
Microsoft strongly advises users and IT administrators to apply these updates immediately via Windows Update or enterprise management tools.
The presence of an actively exploited zero-day makes delaying updates particularly risky.
Organizations should prioritize patching systems vulnerable to remote code execution flaws and elevation of privilege exploits.
The April 2025 Patch Tuesday highlights the growing sophistication of cyber threats and the importance of proactive security measures.
With a zero-day vulnerability actively under attack and numerous critical flaws patched, this update serves as a reminder for organizations to maintain robust defenses against evolving threats.
By applying these patches promptly, users can protect their systems from exploitation and ensure continued security in an increasingly complex digital landscape.