Microsoft rolled out the month-to-month safety updates for April, fixing over 100 completely different vulnerabilities. The April Patch Tuesday is especially notable as Microsoft additionally addressed an actively exploited zero-day flaw. Customers should guarantee patching their units promptly with these units to keep away from attainable threats.
Noteworthy Patch Tuesday Fixes From Microsoft For April 2025
This month’s safety updates addressed 11 critical-severity points. Of those, 5 vulnerabilities affected Microsoft Excel, 2 existed in Home windows Distant Desktop Providers, and 1 every in Home windows Hyper-V, Home windows Light-weight Listing Entry Protocol (LDAP), and Home windows TCP/IP.
In addition to, the replace consists of 110 vital severity vulnerabilities that might result in distant code execution (22), denial of service (14), privilege escalation (48), safety function bypass (9), info disclosure (16), and spoofing (1).
Essentially the most noteworthy of those flaws embody:
- CVE-2025-26670 (vital; CVSS 8.1): A use-after-free flaw in Light-weight Listing Entry Protocol (LDAP) Shopper permitting distant code execution from an unauthorized attacker over a community.
- CVE-2025-26686 (vital; CVSS 7.5): A distant code execution vulnerability that existed as a consequence of delicate information storage in improperly locked reminiscence in Home windows TCP/IP.
- CVE-2025-27740 (vital; CVSS 8.8): A privilege escalation vulnerability in Lively Listing Certificates Providers that might let an authenticated attacker manipulate accounts’ attributes and acquire area administrator privileges through ADCS certificates.
- CVE-2025-26669 (vital; CVSS 8.8): An out-of-bounds learn in Home windows Routing and Distant Entry Service (RRAS) that might let an unauthorized attacker learn parts of heap reminiscence and disclosure info over the community. An attacker might set off the flaw by tricking the sufferer consumer into sending a request to the malicious server, which, in return, would ship malicious information resulting in arbitrary code execution.
- CVE-2025-26678 (vital; CVSS 8.4): A safety function bypass existed as a consequence of improper entry management within the Home windows Defender Software Management, permitting assaults from an unauthorized adversary.
Exploiting the vulnerability might permit the attacker to win a race situation, additional resulting in distant code execution. Triggering this vulnerability merely required the attacker to ship maliciously.
Actively Exploited Zero-Day Mounted Too
With April Patch Tuesday, Microsoft fastened a critical zero-day vulnerability in Home windows Frequent Log File System Driver. In keeping with Microsoft’s advisory, a use-after-free flaw within the driver might permit elevated privileges to a certified adversary, together with SYSTEM privileges.
This vulnerability obtained the CVE ID CVE-2025-29824 and a CVSS rating of seven.8. Whereas the vulnerability remained undisclosed, it caught the eye of risk actors earlier than a repair. Microsoft additionally confirmed detecting lively exploitation makes an attempt of this flaw.
Whereas the patch has been launched for the most recent units, Home windows 10 techniques nonetheless await a repair. As defined within the advisory, updates for Home windows 10 (for each x64-based Programs and 32-bit Programs) will probably be obtainable quickly. Till then, the units stay susceptible to the risk, requiring cautious use of techniques from the customers. Alternatively, customers might select to improve their techniques to Home windows 11 to obtain all safety updates promptly.
Tell us your ideas within the feedback.
