Analysis of Microsoft Patch Tuesday updates - April 2025

Executive Summary

On Tuesday, April 08, 2025, Microsoft released its monthly security updates, addressing 126 vulnerabilities across its products.

By severity:

  • Critical - 11;
  • Important - 112;
  • Low - 2.

Exploited (Zero-Days) and Publicly Disclosed Vulnerabilities

Special attention should be paid to the following vulnerability. Fixing it is the highest priority:

  • CVE-2025-29824 (CVSS 7.8; Important) - Windows Common Log File System Driver Elevation of Privilege Vulnerability. A use-after-free flaw (CWE-416) in the Windows Common Log File System Driver allows a local attacker to elevate privileges from user level to SYSTEM.

General Overview and Trends

The April Patch Tuesday release includes a significant number of fixes spanning a wide range of Microsoft products. The largest number of vulnerabilities were addressed in Windows components (including the kernel, services, and applications), as well as in Microsoft Office and Edge.

  • Predominance of Elevation of Privilege vulnerabilities: Most vulnerabilities (around 40%) relate to privilege escalation. This indicates ongoing security issues in access-rights management across Microsoft operating systems and applications.
  • Remote Code Execution (RCE) vulnerabilities: 33 vulnerabilities rated Critical or Important enable remote code execution, one of the most dangerous vulnerability classes.
  • Vulnerabilities in Office: A significant number of vulnerabilities were found in Microsoft Office, including Word, Excel, and SharePoint. This highlights the importance of timely Office updates and using the latest versions.
  • Vulnerabilities in Edge: Fixes also affected the Microsoft Edge (Chromium-based) browser, underscoring the continued relevance of threats originating from web browsers.
  • Vulnerabilities in RDP: Several vulnerabilities in Remote Desktop Services (RDP) require special attention, since RDP is often used for legitimate purposes and is also a target for attackers.

Full List of Vulnerabilities

Below is a table of all vulnerabilities fixed this month.

| CVE | Title | Type | CVSS | Severity | Exploited | Publicly Disclosed |
|---|---|---|---|---|---|---|
| CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-25000 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 8.8 | Important | No | No |
| CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Elevation of Privilege | 8.8 | Important | No | No |
| CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution | 8.8 | Important | No | No |
| CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Security Feature Bypass | 8.6 | Important | No | No |
| CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability | Security Feature Bypass | 8.4 | Important | No | No |
| CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability | Elevation of Privilege | 8.1 | Important | No | No |
| CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Important | No | No |
| CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | 8.1 | Critical | No | No |
| CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | 8.0 | Important | No | No |
| CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Critical | No | No |
| CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | No | No |
| CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability | Security Feature Bypass | 7.8 | Important | No | No |
| CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | 7.8 | Important | No | No |
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | 7.8 | Important | Yes | No |
| CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Remote Code Execution | 7.6 | Important | No | No |
| CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Remote Code Execution | 7.5 | Important | No | No |
| CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | Remote Code Execution | 7.5 | Critical | No | No |
| CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | 7.5 | Important | No | No |
| CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Elevation of Privilege | 7.5 | Important | No | No |
| CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Denial of Service | 7.5 | Important | No | No |
| CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability | Information Disclosure | 7.5 | Important | No | No |
| CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability | Elevation of Privilege | 7.5 | Important | No | No |
| CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability | Security Feature Bypass | 7.5 | Important | No | No |
| CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | Information Disclosure | 7.3 | Important | No | No |
| CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability | Elevation of Privilege | 7.3 | Important | No | No |
| CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | Remote Code Execution | 7.2 | Important | No | No |
| CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | Remote Code Execution | 7.1 | Critical | No | No |
| CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | Security Feature Bypass | 7.1 | Important | No | No |
| CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability | Elevation of Privilege | 7.0 | Important | No | No |
| CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability | Elevation of Privilege | 6.8 | Important | No | No |
| CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | Information Disclosure | 6.8 | Important | No | No |
| CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability | Security Feature Bypass | 6.8 | Important | No | No |
| CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability | Elevation of Privilege | 6.7 | Important | No | No |
| CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | Security Feature Bypass | 6.5 | Important | No | No |
| CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Denial of Service | 6.5 | Important | No | No |
| CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Information Disclosure | 6.5 | Important | No | No |
| CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability | Information Disclosure | 6.2 | Important | No | No |
| CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Security Feature Bypass | 6.0 | Important | No | No |
| CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | Denial of Service | 5.9 | Important | No | No |
| CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-27742 | NTFS Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | Information Disclosure | 5.5 | Important | No | No |
| CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | Security Feature Bypass | 5.4 | Important | No | No |
| CVE-2025-26644 | Windows Hello Spoofing Vulnerability | Spoofing | 5.1 | Important | No | No |
| CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability | Spoofing | 4.7 | Low | No | No |
| CVE-2025-25001 | Microsoft Edge for iOS Spoofing Vulnerability | Spoofing | 4.3 | Low | No | No |