Microsoft Security Windows

Microsoft’s April 2025 Patch Tuesday: 121 Vulnerabilities Patched, Including One Zero-Day Exploited in the Wild

/ by Corentin C | Leave a comment

microsoft-patch-tuesday

Microsoft’s April 2025 Patch Tuesday has landed — and it’s another big one. This month’s update addresses 121 vulnerabilities (CVEs) across a wide range of Microsoft products and services. Among them is a zero-day vulnerability that has already been exploited in the wild, highlighting the ongoing urgency for staying on top of security updates.

Here’s what IT admins, security professionals, and everyday users need to know.

By the Numbers

  • 121 total vulnerabilities fixed
  • 11 rated Critical
  • 110 rated Important
  • 0 Moderate or Low severity

This month’s breakdown shows a significant number of elevation of privilege (EoP) vulnerabilities, making up 40.5% of the total. Remote code execution (RCE) flaws come next at 25.6%, followed by information disclosure, denial of service, and spoofing vulnerabilities.

These types of vulnerabilities are especially valuable to attackers seeking to move laterally within environments or escalate their access after an initial compromise.

Zero-Day Vulnerability: Exploited in the Wild

CVE-2025-29824 is the standout zero-day of the month. This is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver, rated Important with a CVSSv3 score of 7.8. What makes it more alarming is its confirmed exploitation in the wild, linked to ransomware deployments by the group Storm-2460, via the PipeMagic malware.

The CLFS driver has a history of being a popular target for attackers. Microsoft patched eight CLFS vulnerabilities in 2024, including another exploited zero-day (CVE-2024-49138), and has addressed similar issues annually since 2022. Organizations should prioritize patching this one without delay.

Critical Remote Code Execution (RCE) Vulnerabilities

Several vulnerabilities this month were rated Critical due to their potential for remote code execution:

  • CVE-2025-26671, CVE-2025-27480, CVE-2025-27482 – These affect Windows Remote Desktop Gateway Services. Attackers could exploit a race condition to execute code remotely. Two are rated Critical and flagged as “Exploitation More Likely” by Microsoft.
  • CVE-2025-26663, CVE-2025-26670 – These impact Windows LDAP and LDAP Client, and are also rated Critical. Exploiting these requires a carefully crafted request that leads to a use-after-free condition. If successful, attackers could execute arbitrary code on a vulnerable system.

Microsoft also patched other LDAP-related vulnerabilities, including two denial-of-service issues (CVE-2025-26673 and CVE-2025-27469), which are less severe but still worth monitoring.

Other High-Impact Vulnerabilities

  • CVE-2025-27740 – A vulnerability in Active Directory Certificate Services that could allow an attacker to elevate privileges and gain domain admin access by manipulating computer accounts. Rated Important with a high CVSS score of 8.8, this is a serious concern for enterprise environments.
  • CVE-2025-29793 & CVE-2025-29794 – Affecting Microsoft SharePoint Server, these RCE vulnerabilities require authentication to exploit but could allow attackers to execute arbitrary code. Given SharePoint’s widespread use in corporate settings, these should not be overlooked.

Affected Products

This month’s patches span a wide range of Microsoft software and services, including but not limited to:

  • Windows (Core, Kernel, Drivers, BitLocker, Hyper-V, etc.)
  • Microsoft Office (Excel, Word, SharePoint, OneNote)
  • Active Directory & Certificate Services
  • Azure, ASP.NET Core
  • Visual Studio & Visual Studio Code
  • Remote Desktop Services
  • OpenSSH for Windows
  • Windows Subsystem for Linux
  • Outlook for Android
  • Microsoft AutoUpdate (MAU)

In short, whether you’re using Microsoft on the desktop, in the cloud, or in enterprise infrastructure, there’s likely a fix this month relevant to you.

Conclusion & Recommendations

Microsoft’s April 2025 Patch Tuesday is a reminder of just how broad the modern attack surface has become — from local privilege escalations to remote code execution via network services. The presence of an exploited zero-day, combined with several “Exploitation More Likely” vulnerabilities, makes this a high-priority update cycle.

Our recommendations:

  1. Prioritize the zero-day (CVE-2025-29824) and the Critical RCEs affecting RDP and LDAP.
  2. Patch all systems as soon as possible, especially those running SharePoint, Active Directory, and Remote Desktop services.
  3. Scan your environment using up-to-date vulnerability assessment tools to ensure full coverage.
  4. Monitor threat intelligence sources for signs of active exploitation or proof-of-concept exploits that may emerge in the coming weeks.
  5. Test patches in staging environments when feasible, especially for critical infrastructure, before deploying them in production.

To view the full list of patched vulnerabilities and get additional technical details, visit the official Microsoft Security Update Guide for April 2025:
👉 https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-apr

Stay safe, stay patched, and don’t give attackers an easy entry point.

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

Fix Windows Update Issues

How to Fix Windows Update Issues on Windows 10 and Windows 11

Struggling with Windows updates? This guide shows how to quickly fix common Windows Update issues on Windows 10 and Windows 11 using Microsoft’s troubleshooting tools and tips.

Read more »

microsoft-patch-tuesday

March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, Including 7 Zero-Days

Microsoft's March 2025 Patch Tuesday delivers security updates for 57 vulnerabilities, with 7 zero-day flaws, including 6 that are actively exploited. Critical bugs affect components like NTFS, Microsoft Access, and Windows Server, highlighting the urgent need to apply these patches.

Read more »

crypto eth coin

Bybit Hacked: Largest Crypto Theft in History

Bybit, one of the largest cryptocurrency exchanges, has been hacked for $1.46 billion in digital assets, marking the biggest crypto theft in history. The attackers exploited a vulnerability in the exchange’s multisignature wallet, siphoning funds through a masked transaction. Despite the massive loss, Bybit assures users that all funds remain 1:1 backed. Read more about the breach and its implications for the crypto industry.

Read more »

openssh

OpenSSH Vulnerabilities: CVE-2025-26465 and CVE-2025-26466

Two critical OpenSSH vulnerabilities have been discovered: a MitM attack (CVE-2025-26465) and a DoS attack (CVE-2025-26466). Learn how to protect your systems with recommended security measures.

Read more »

Microsoft Majorana 1

Microsoft Unveils Majorana 1: A Quantum Leap in Computing

Microsoft has unveiled the Majorana 1 chip, a groundbreaking quantum chip that utilizes a new Topological Core architecture. This innovation aims to enable quantum computers capable of solving significant industrial challenges in years rather than decades, leveraging topoconductors to produce stable and scalable qubits. With a vision to reach a million qubits, Microsoft is set to revolutionize industries from healthcare to materials science.

Read more »

Apple Security

Apple Releases Security Fixes in iOS 18.3.1 and iPadOS 18.3.1

Apple’s latest iOS 18.3.1 and iPadOS 18.3.1 updates fix a critical security flaw that could allow attackers to bypass USB Restricted Mode on locked devices. This vulnerability (CVE-2025-24200) has been exploited in targeted attacks. Learn why this update matters and how to secure your device.

Read more »

valve piratefi

PirateFi Malware Incident: A Warning to Steam Gamers

Valve has warned Steam users about PirateFi, a recently released game that was found to contain malware. The malicious files aimed to steal browser cookies, leading to account hijacking. Learn what happened and how to stay safe. Valve has recently issued a security alert to Steam users regarding a newly released game, PirateFi, which was found to contain malware. This alarming discovery has raised concerns among gamers, emphasizing the importance of vigilance when downloading and launching games from digital platforms.

Read more »

Microsoft Deepseek R1

DeepSeek R1: Microsoft’s Strategic Move in AI Beyond OpenAI

Microsoft has added DeepSeek R1 to its Azure AI Foundry, offering a cost-effective and high-performance AI model. With local execution support on Copilot+ PCs and growing security concerns, this move signals Microsoft's shift towards AI diversification beyond OpenAI.

Read more »

Apple Security

Apple Faces UK Government Demand for Encrypted iCloud Backdoor

Apple is facing pressure from the UK government to create a backdoor for encrypted iCloud backups under the Investigatory Powers Act. If implemented, this could compromise global user privacy and set a dangerous precedent for digital security.

Read more »

FMRS Furtivex Malware Removal Script

Welcoming Furtivex Malware Removal Script to ToolsLib!

We’re excited to welcome Furtivex Malware Removal Script to ToolsLib! This free, portable malware scanner provides aggressive threat removal, system integrity checks, and comprehensive logging. Download it today and boost your security!

Read more »

February 2025 Patch Tuesday: Office Updates and Microsoft 365 Changes

February 2025's Patch Tuesday brings important updates for Office and Microsoft 365, including retirements, new features, and security enhancements. Stay ahead by understanding what’s changing and how these updates impact your workflow.

Read more »

Apple Zeroday

Apple Releases Critical Security Updates to Patch Actively Exploited Zero-Day Vulnerability

Apple has issued critical security updates to address a zero-day vulnerability (CVE-2025-24085) impacting iOS and other Apple devices. The flaw, actively exploited in the wild, allows attackers to take control of vulnerable devices through malicious apps. Learn how to safeguard your Apple devices by installing the latest updates immediately.

Read more »

To top

Table of Contents

Index