Microsoft's April 2025 Patch Tuesday Fixes Over 130 Vulnerabilities, Including 1 Actively Exploited Zero-Day - LinkedIn
LinkedInArchived Mar 18, 2026✓ Full text saved
Microsoft's April 2025 Patch Tuesday Fixes Over 130 Vulnerabilities, Including 1 Actively Exploited Zero-Day LinkedIn
Full text archived locally
✦ AI Summary· Claude Sonnet
Microsoft’s April 2025 Patch Tuesday has arrived, delivering security updates addressing 134 vulnerabilities across its products. Among these is a critical zero-day vulnerability that has been actively exploited in the wild.
This month’s update also resolves 11 critical remote code execution (RCE) flaws.
Breakdown of Vulnerabilities by Type:
3 Spoofing Vulnerabilities
9 Security Feature Bypass Vulnerabilities
14 Denial of Service Vulnerabilities
17 Information Disclosure Vulnerabilities
31 Remote Code Execution Vulnerabilities
49 Elevation of Privilege Vulnerabilities
Note: These figures do not include vulnerabilities in Microsoft Edge or Mariner, which were addressed in separate updates earlier this month.
Actively Exploited Zero-Day Vulnerability
A zero-day refers to a security vulnerability in a computer system that is unknown to its owners, developers, or anyone able to address it. Until the vulnerability is fixed, cybercriminals can take advantage of it through a zero-day exploit or attack. This Patch Tuesday addresses one actively exploited zero-day vulnerability:
CVE-2025-29824 — Windows Common Log File System Driver Elevation of Privilege Vulnerability
This flaw allows local attackers to gain SYSTEM-level privileges on affected devices.
Currently, security updates for this vulnerability are available for Windows 11 and Windows Server. However, Windows 10 patches are not yet available.
“The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available,” Microsoft explained. “The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”
It remains unclear how attackers are exploiting this flaw in real-world attacks.
The vulnerability was discovered by the Microsoft Threat Intelligence Center (MSTIC).
Notable Vulnerabilities Addressed
Microsoft has resolved several critical vulnerabilities that could lead to elevation of privilege (EOP) and remote code execution (RCE).
Recommended by LinkedIn
Microsoft's March 2025 Patch Tuesday Fixes 57…
The Cyber Security Hub™ 1 year ago
October 2025 Patch Tuesday comes with fixes for 175…
ManageEngine UEMS 5 months ago
MS17-010 RCE Vulnerability & Exploit
𝘼𝙣𝙖𝙣𝙩𝙝 '_," 7 years ago
Among the critical RCE vulnerabilities are CVE-2025-26663 and CVE-2025-26670, both of which are unauthenticated user-after-free issues in the Windows Lightweight Directory Access Protocol (LDAP). Exploiting these flaws requires an attacker to trigger a race condition, sending specially crafted requests to a vulnerable LDAP server.
Similarly, two RCE vulnerabilities in Windows Remote Desktop Services (RDP), CVE-2025-27480 and CVE-2025-27482, can be exploited remotely without user interaction. However, attackers must first connect to a system with the Remote Desktop Gateway role and exploit a race condition to trigger a use-after-free vulnerability.
In addition to applying the provided security updates, users are advised to make RDP inaccessible from the internet or restrict access to trusted IP addresses only.
Other vulnerabilities addressed in this update include:
CVE-2025-27472: A flaw allowing attackers to bypass Windows Mark of the Web (MotW) protections.
CVE-2025-27727: An EOP vulnerability in the Windows Installer.
CVE-2025-29809: A flaw that could allow authorized attackers to bypass Windows Defender Credential Guard and leak Kerberos authentication credentials.
Note that these vulnerabilities have not yet been patched for Windows 10 (both x64-based and 32-bit versions), but security updates are forthcoming and will be released shortly.
As an aside, Microsoft had initially planned to end support for driver update synchronization to Windows Server Update Services (WSUS) servers but has since reversed that decision. For the time being, "WSUS will continue to synchronize driver updates from the Windows Update service and import them from the Microsoft Update Catalog." However, Microsoft has urged organizations to start considering alternative technologies for enhanced security and productivity.
Conclusion
Microsoft’s April 2025 Patch Tuesday delivers crucial updates addressing significant vulnerabilities. Users and administrators are encouraged to review and apply these updates promptly to enhance system security.
REMINDER:
Support for Windows 10 will end in October 2025! After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but it is recommended you move to Windows 11 for continued security and updates.
Seeing What Attackers See: How Attack Graphs Help You Stay Ahead of Cyber Threats
Join this live webinar to see a real-world demo of how malware evades detection, and how it can be stopped before it reaches your network.