Technology

Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws

TribeNews
By TribeNews Add a Comment
15 Min Read
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws

Today is Microsoft’s April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability.

This Patch Tuesday also fixes eleven “Critical” vulnerabilities, all remote code execution vulnerabilities.

- Advertisement -

The above numbers do not include Mariner flaws and 13 Microsoft Edge vulnerabilities fixed earlier this month.

This month’s Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

- Advertisement -

CVE-2025-29824 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Microsoft says this vulnerability allows local attackers to gain SYSTEM privileges on the device/

- Advertisement -

“The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available,” explained Microsoft.

“The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”

Microsoft says the patches are not available for Windows 10 LTSB 2015 and will be released in the future.

- Advertisement -

Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.

Below is the complete list of resolved vulnerabilities in the April 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

- Advertisement -

Tag
CVE ID
CVE Title
Severity
Active Directory Domain Services
CVE-2025-29810
Active Directory Domain Services Elevation of Privilege Vulnerability
Important
ASP.NET Core
CVE-2025-26682
ASP.NET Core and Visual Studio Denial of Service Vulnerability
Important
Azure Local
CVE-2025-27489
Azure Local Elevation of Privilege Vulnerability
Important
Azure Local Cluster
CVE-2025-26628
Azure Local Cluster Information Disclosure Vulnerability
Important
Azure Local Cluster
CVE-2025-25002
Azure Local Cluster Information Disclosure Vulnerability
Important
Azure Portal Windows Admin Center
CVE-2025-29819
Windows Admin Center in Azure Portal Information Disclosure Vulnerability
Important
Dynamics Business Central
CVE-2025-29821
Microsoft Dynamics Business Central Information Disclosure Vulnerability
Important
Microsoft AutoUpdate (MAU)
CVE-2025-29800
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Important
Microsoft AutoUpdate (MAU)
CVE-2025-29801
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Important
Microsoft Edge (Chromium-based)
CVE-2025-3073
Chromium: CVE-2025-3073 Inappropriate implementation in Autofill
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3068
Chromium: CVE-2025-3068 Inappropriate implementation in Intents
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3074
Chromium: CVE-2025-3074 Inappropriate implementation in Downloads
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3067
Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3071
Chromium: CVE-2025-3071 Inappropriate implementation in Navigations
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3072
Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3070
Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-3069
Chromium: CVE-2025-3069 Inappropriate implementation in Extensions
Unknown
Microsoft Edge (Chromium-based)
CVE-2025-25000
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Important
Microsoft Edge (Chromium-based)
CVE-2025-29815
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Important
Microsoft Edge (Chromium-based)
CVE-2025-25001
Microsoft Edge for iOS Spoofing Vulnerability
Low
Microsoft Edge (Chromium-based)
CVE-2025-3066
Chromium: CVE-2025-3066 Use after free in Navigations
Unknown
Microsoft Edge for iOS
CVE-2025-29796
Microsoft Edge for iOS Spoofing Vulnerability
Low
Microsoft Office
CVE-2025-27745
Microsoft Office Remote Code Execution Vulnerability
Critical
Microsoft Office
CVE-2025-27744
Microsoft Office Elevation of Privilege Vulnerability
Important
Microsoft Office
CVE-2025-26642
Microsoft Office Remote Code Execution Vulnerability
Important
Microsoft Office
CVE-2025-29792
Microsoft Office Elevation of Privilege Vulnerability
Important
Microsoft Office
CVE-2025-29791
Microsoft Excel Remote Code Execution Vulnerability
Critical
Microsoft Office
CVE-2025-27748
Microsoft Office Remote Code Execution Vulnerability
Critical
Microsoft Office
CVE-2025-27746
Microsoft Office Remote Code Execution Vulnerability
Important
Microsoft Office
CVE-2025-27749
Microsoft Office Remote Code Execution Vulnerability
Critical
Microsoft Office Excel
CVE-2025-27751
Microsoft Excel Remote Code Execution Vulnerability
Important
Microsoft Office Excel
CVE-2025-27750
Microsoft Excel Remote Code Execution Vulnerability
Important
Microsoft Office Excel
CVE-2025-29823
Microsoft Excel Remote Code Execution Vulnerability
Important
Microsoft Office Excel
CVE-2025-27752
Microsoft Excel Remote Code Execution Vulnerability
Critical
Microsoft Office OneNote
CVE-2025-29822
Microsoft OneNote Security Feature Bypass Vulnerability
Important
Microsoft Office SharePoint
CVE-2025-29794
Microsoft SharePoint Remote Code Execution Vulnerability
Important
Microsoft Office SharePoint
CVE-2025-29793
Microsoft SharePoint Remote Code Execution Vulnerability
Important
Microsoft Office Word
CVE-2025-27747
Microsoft Word Remote Code Execution Vulnerability
Important
Microsoft Office Word
CVE-2025-29816
Microsoft Word Security Feature Bypass Vulnerability
Important
Microsoft Office Word
CVE-2025-29820
Microsoft Word Remote Code Execution Vulnerability
Important
Microsoft Streaming Service
CVE-2025-27471
Microsoft Streaming Service Denial of Service Vulnerability
Important
Microsoft Virtual Hard Drive
CVE-2025-26688
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Important
OpenSSH for Windows
CVE-2025-27731
Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability
Important
Outlook for Android
CVE-2025-29805
Outlook for Android Information Disclosure Vulnerability
Important
Remote Desktop Client
CVE-2025-27487
Remote Desktop Client Remote Code Execution Vulnerability
Important
Remote Desktop Gateway Service
CVE-2025-27482
Windows Remote Desktop Services Remote Code Execution Vulnerability
Critical
Remote Desktop Gateway Service
CVE-2025-27480
Windows Remote Desktop Services Remote Code Execution Vulnerability
Critical
RPC Endpoint Mapper Service
CVE-2025-26679
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability
Important
System Center
CVE-2025-27743
Microsoft System Center Elevation of Privilege Vulnerability
Important
Visual Studio
CVE-2025-29802
Visual Studio Elevation of Privilege Vulnerability
Important
Visual Studio
CVE-2025-29804
Visual Studio Elevation of Privilege Vulnerability
Important
Visual Studio Code
CVE-2025-20570
Visual Studio Code Elevation of Privilege Vulnerability
Important
Visual Studio Tools for Applications and SQL Server Management Studio
CVE-2025-29803
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
Important
Windows Active Directory Certificate Services
CVE-2025-27740
Active Directory Certificate Services Elevation of Privilege Vulnerability
Important
Windows BitLocker
CVE-2025-26637
BitLocker Security Feature Bypass Vulnerability
Important
Windows Bluetooth Service
CVE-2025-27490
Windows Bluetooth Service Elevation of Privilege Vulnerability
Important
Windows Common Log File System Driver
CVE-2025-29824
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Important
Windows Cryptographic Services
CVE-2025-29808
Windows Cryptographic Services Information Disclosure Vulnerability
Important
Windows Cryptographic Services
CVE-2025-26641
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Important
Windows Defender Application Control (WDAC)
CVE-2025-26678
Windows Defender Application Control Security Feature Bypass Vulnerability
Important
Windows Digital Media
CVE-2025-27730
Windows Digital Media Elevation of Privilege Vulnerability
Important
Windows Digital Media
CVE-2025-27467
Windows Digital Media Elevation of Privilege Vulnerability
Important
Windows Digital Media
CVE-2025-26640
Windows Digital Media Elevation of Privilege Vulnerability
Important
Windows Digital Media
CVE-2025-27476
Windows Digital Media Elevation of Privilege Vulnerability
Important
Windows DWM Core Library
CVE-2025-24074
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Important
Windows DWM Core Library
CVE-2025-24073
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Important
Windows DWM Core Library
CVE-2025-24058
Windows DWM Core Library Elevation of Privilege Vulnerability
Important
Windows DWM Core Library
CVE-2025-24062
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Important
Windows DWM Core Library
CVE-2025-24060
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Important
Windows Hello
CVE-2025-26635
Windows Hello Security Feature Bypass Vulnerability
Important
Windows Hello
CVE-2025-26644
Windows Hello Spoofing Vulnerability
Important
Windows HTTP.sys
CVE-2025-27473
HTTP.sys Denial of Service Vulnerability
Important
Windows Hyper-V
CVE-2025-27491
Windows Hyper-V Remote Code Execution Vulnerability
Critical
Windows Installer
CVE-2025-27727
Windows Installer Elevation of Privilege Vulnerability
Important
Windows Kerberos
CVE-2025-26647
Windows Kerberos Elevation of Privilege Vulnerability
Important
Windows Kerberos
CVE-2025-27479
Kerberos Key Distribution Proxy Service Denial of Service Vulnerability
Important
Windows Kerberos
CVE-2025-29809
Windows Kerberos Security Feature Bypass Vulnerability
Important
Windows Kernel
CVE-2025-26648
Windows Kernel Elevation of Privilege Vulnerability
Important
Windows Kernel
CVE-2025-27739
Windows Kernel Elevation of Privilege Vulnerability
Important
Windows Kernel Memory
CVE-2025-29812
DirectX Graphics Kernel Elevation of Privilege Vulnerability
Important
Windows Kernel-Mode Drivers
CVE-2025-27728
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Important
Windows LDAP – Lightweight Directory Access Protocol
CVE-2025-26673
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Important
Windows LDAP – Lightweight Directory Access Protocol
CVE-2025-26663
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Critical
Windows LDAP – Lightweight Directory Access Protocol
CVE-2025-27469
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Important
Windows LDAP – Lightweight Directory Access Protocol
CVE-2025-26670
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Critical
Windows Local Security Authority (LSA)
CVE-2025-21191
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Important
Windows Local Security Authority (LSA)
CVE-2025-27478
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
Important
Windows Local Session Manager (LSM)
CVE-2025-26651
Windows Local Session Manager (LSM) Denial of Service Vulnerability
Important
Windows Mark of the Web (MOTW)
CVE-2025-27472
Windows Mark of the Web Security Feature Bypass Vulnerability
Important
Windows Media
CVE-2025-26666
Windows Media Remote Code Execution Vulnerability
Important
Windows Media
CVE-2025-26674
Windows Media Remote Code Execution Vulnerability
Important
Windows Mobile Broadband
CVE-2025-29811
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
Important
Windows NTFS
CVE-2025-27742
NTFS Information Disclosure Vulnerability
Important
Windows NTFS
CVE-2025-21197
Windows NTFS Information Disclosure Vulnerability
Important
Windows NTFS
CVE-2025-27741
NTFS Elevation of Privilege Vulnerability
Important
Windows NTFS
CVE-2025-27483
NTFS Elevation of Privilege Vulnerability
Important
Windows NTFS
CVE-2025-27733
NTFS Elevation of Privilege Vulnerability
Important
Windows Power Dependency Coordinator
CVE-2025-27736
Windows Power Dependency Coordinator Information Disclosure Vulnerability
Important
Windows Remote Desktop Services
CVE-2025-26671
Windows Remote Desktop Services Remote Code Execution Vulnerability
Important
Windows Resilient File System (ReFS)
CVE-2025-27738
Windows Resilient File System (ReFS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-27474
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-21203
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26668
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26667
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26664
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26672
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26669
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Routing and Remote Access Service (RRAS)
CVE-2025-26676
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Important
Windows Secure Channel
CVE-2025-27492
Windows Secure Channel Elevation of Privilege Vulnerability
Important
Windows Secure Channel
CVE-2025-26649
Windows Secure Channel Elevation of Privilege Vulnerability
Important
Windows Security Zone Mapping
CVE-2025-27737
Windows Security Zone Mapping Security Feature Bypass Vulnerability
Important
Windows Shell
CVE-2025-27729
Windows Shell Remote Code Execution Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-27485
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-27486
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-21174
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-26680
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-27470
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Standards-Based Storage Management Service
CVE-2025-26652
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
Important
Windows Subsystem for Linux
CVE-2025-26675
Windows Subsystem for Linux Elevation of Privilege Vulnerability
Important
Windows TCP/IP
CVE-2025-26686
Windows TCP/IP Remote Code Execution Vulnerability
Critical
Windows Telephony Service
CVE-2025-27481
Windows Telephony Service Remote Code Execution Vulnerability
Important
Windows Telephony Service
CVE-2025-21222
Windows Telephony Service Remote Code Execution Vulnerability
Important
Windows Telephony Service
CVE-2025-21205
Windows Telephony Service Remote Code Execution Vulnerability
Important
Windows Telephony Service
CVE-2025-21221
Windows Telephony Service Remote Code Execution Vulnerability
Important
Windows Telephony Service
CVE-2025-27477
Windows Telephony Service Remote Code Execution Vulnerability
Important
Windows Universal Plug and Play (UPnP) Device Host
CVE-2025-27484
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Important
Windows Update Stack
CVE-2025-21204
Windows Process Activation Elevation of Privilege Vulnerability
Important
Windows Update Stack
CVE-2025-27475
Windows Update Stack Elevation of Privilege Vulnerability
Important
Windows upnphost.dll
CVE-2025-26665
Windows upnphost.dll Elevation of Privilege Vulnerability
Important
Windows USB Print Driver
CVE-2025-26639
Windows USB Print Driver Elevation of Privilege Vulnerability
Important
Windows Virtualization-Based Security (VBS) Enclave
CVE-2025-27735
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Important
Windows Win32K – GRFX
CVE-2025-27732
Windows Graphics Component Elevation of Privilege Vulnerability
Important
Windows Win32K – GRFX
CVE-2025-26687
Win32k Elevation of Privilege Vulnerability
Important
Windows Win32K – GRFX
CVE-2025-26681
Win32k Elevation of Privilege Vulnerability
Important

Leave a Comment
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected & This Is Prohibited!!!

We have detected that you are using extensions to block ads and you are also not using our official app. Your Account Have been Flagged and reported, pending de-activation & All your earning will be wiped out. Please turn off the software to continue

You cannot copy content of this app