Microsoft Patch Tuesday – April 2025
Contents
⚡ TL;DR | Go Straight to the April 2025 Patch Tuesday Audit Report
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The April 2025 edition of Patch Tuesday brings us 121 new fixes, with 11 rated as critical and 1 exploited. We’ve listed the most important changes below.
Windows 10 1507 Patches Delayed
Microsoft has added the following warning to all vulnerabilities this month:
The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.
Seemingly there have been some delays in Microsoft’s process specifically for the first Windows 10 version patches. This means any Windows 10 Version 1507 device (OS Build 10240.X) will remain unpatched for now.
April 9 Update
As of April 9, Microsoft has released KB5055547 to provide the patch Tuesday updates for Windows 10 Version 1507.
Windows Common Log File System Driver Elevation of Privilege Vulnerability
The first item is the only exploited vulnerability this month. CVE-2025-29824 has a CVSS base score of 7.8.
The Windows Common Log File System (CLFS) Driver manages high-integrity system and application log data, so a vulnerability in it could allow attackers to compromise critical logging processes or escalate privileges at the kernel level.
Microsoft lists that if exploitation is successful, an attacker could gain SYSTEM privileges.
LDAP Remote Code Execution Vulnerability
Second on the list are CVE-2025-26663 and CVE-2025-26670 both with a CVSS base score of 8.1. While they haven’t been exploited yet, Microsoft does list these as Critical and “More Likely” to be exploited.
In order to exploit the vulnerability an unauthenticated attacker could sequentially send specially crafted requests to a vulnerable LDAP server. This could result in a use after free which could be leveraged to achieve remote code execution.
Windows Remote Desktop Services Remote Code Execution Vulnerability
Similar to last month, there are another two critical vulnerabilities have been fixed for the Windows RDS. CVE-2025-27482 and CVE-2025-27480 have a CVSS base score of 8.1 and with the label “Exploitation More Likely”.
Microsoft only provided the following additional information:
An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
Run the Patch Tuesday April 2025 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday April 2025 CVE Codes & Titles
| CVE Number | CVE Title |
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability |
| CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability |
| CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability |
| CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability |
| CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
| CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability |
| CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability |
| CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability |
| CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability |
| CVE-2025-27742 | NTFS Information Disclosure Vulnerability |
| CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability |
| CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability |
| CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability |
| CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability |
| CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
| CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability |
| CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability |
| CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability |
| CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability |
| CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability |
| CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability |
| CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability |
| CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability |
| CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability |
| CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability |
| CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
| CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability |
| CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
| CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
| CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability |
| CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability |
| CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability |
| CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2025-26644 | Windows Hello Spoofing Vulnerability |
| CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability |
| CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability |
| CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability |
| CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability |
| CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability |
| CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability |
| CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability |
Ready to get started?
You’ll be up and running in no time.
Explore all our features, free for 14 days.