Microsoft rolled out the month-to-month safety updates for April, fixing over 100 completely different vulnerabilities. The April Patch Tuesday is especially notable as Microsoft additionally addressed an actively exploited zero-day flaw. Customers should guarantee patching their units promptly with these units to keep away from doable threats.
Noteworthy Patch Tuesday Fixes From Microsoft For April 2025
This month’s safety updates addressed 11 critical-severity points. Of those, 5 vulnerabilities affected Microsoft Excel, 2 existed in Home windows Distant Desktop Providers, and 1 every in Home windows Hyper-V, Home windows Light-weight Listing Entry Protocol (LDAP), and Home windows TCP/IP.
In addition to, the replace consists of 110 vital severity vulnerabilities that might result in distant code execution (22), denial of service (14), privilege escalation (48), safety function bypass (9), data disclosure (16), and spoofing (1).
Essentially the most noteworthy of those flaws embody:
- CVE-2025-26670 (vital; CVSS 8.1): A use-after-free flaw in Light-weight Listing Entry Protocol (LDAP) Shopper permitting distant code execution from an unauthorized attacker over a community.
- CVE-2025-26686 (vital; CVSS 7.5): A distant code execution vulnerability that existed on account of delicate knowledge storage in improperly locked reminiscence in Home windows TCP/IP.
- CVE-2025-27740 (vital; CVSS 8.8): A privilege escalation vulnerability in Lively Listing Certificates Providers that might let an authenticated attacker manipulate accounts’ attributes and achieve area administrator privileges through ADCS certificates.
- CVE-2025-26669 (vital; CVSS 8.8): An out-of-bounds learn in Home windows Routing and Distant Entry Service (RRAS) that might let an unauthorized attacker learn parts of heap reminiscence and disclosure data over the community. An attacker may set off the flaw by tricking the sufferer consumer into sending a request to the malicious server, which, in return, would ship malicious knowledge resulting in arbitrary code execution.
- CVE-2025-26678 (vital; CVSS 8.4): A safety function bypass existed on account of improper entry management within the Home windows Defender Software Management, permitting assaults from an unauthorized adversary.
Exploiting the vulnerability may permit the attacker to win a race situation, additional resulting in distant code execution. Triggering this vulnerability merely required the attacker to ship maliciously.
Actively Exploited Zero-Day Fastened Too
With April Patch Tuesday, Microsoft mounted a critical zero-day vulnerability in Home windows Widespread Log File System Driver. Based on Microsoft’s advisory, a use-after-free flaw within the driver may permit elevated privileges to a licensed adversary, together with SYSTEM privileges.
This vulnerability acquired the CVE ID CVE-2025-29824 and a CVSS rating of seven.8. Whereas the vulnerability remained undisclosed, it caught the eye of menace actors earlier than a repair. Microsoft additionally confirmed detecting energetic exploitation makes an attempt of this flaw.
Whereas the patch has been launched for the most recent units, Home windows 10 methods nonetheless await a repair. As defined within the advisory, updates for Home windows 10 (for each x64-based Programs and 32-bit Programs) will probably be out there quickly. Till then, the units stay susceptible to the menace, requiring cautious use of methods from the customers. Alternatively, customers could select to improve their methods to Home windows 11 to obtain all safety updates promptly.
Tell us your ideas within the feedback.
