Microsoft released security updates for Windows clients and servers, Office and other products on April 8, 2025. The security updates eliminate 121 vulnerabilities (CVEs), one of which was classified as a 0-day. This vulnerability is already being exploited in the wild. Below is a compact overview of the updates that were released on Patchday.
Notes on the updates
A list of the updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
All Windows 10/11 updates (as well as the updates for the server counterparts) are cumulative. The monthly Patchday update contains all security fixes for these Windows versions – as well as all non-security fixes up to the Patchday. In addition to the security patches for the vulnerabilities, the updates therefore also contain bug fixes and new features.
Windows Server 2012 R2
An ESU license is required for Windows Server 2012/R2 to receive further security updates (Windows Server 2012/R2 receives Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2025-29824: Windows Common Log File System Driver Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; this 0-day vulnerability was exploited in the wild. Microsoft discovered exploitation of this vulnerability in ransomware attacks in which the Storm-2460 group distributed the PipeMagic malware.
- CVE-2025-26671, CVE-2025-27482, CVE-2025-27480: Windows Remote Desktop Services Remote Code Execution vulnerabilities, CVSSv3 score 8.1, two rated critical, CVE-2025-26671 rated important; to exploit these vulnerabilities, an attacker must win a race condition. Despite this requirement, Microsoft categorized CVE-2025-27482 and CVE-2025-27480 as "Exploitation More Likely" in its Exploitability Index. Microsoft has also fixed an RCE vulnerability in the Remote Desktop Client (CVE-2025-27487).
- CVE-2025-26663, CVE-2025-26670: Multiple Lightweight Directory Access Protocol (LDAP) Remote Code Execution vulnerabilities, CVSSv3 score 8.1, critical; successful exploitation of these two vulnerabilities requires winning a race condition via a specially crafted request that leads to a use-after-free. If this succeeds, the attacker can achieve remote code execution on an affected host. Microsoft rates the vulnerabilities as "Exploitation More Likely". Microsoft has also patched CVE-2025-26673 and CVE-2025-27469, two Denial of Service (DoS) vulnerabilities in LDAP. These are rated important and "Exploitation Less Likely".
- CVE-2025-27740: Active Directory Certificate Services Elevation of Privilege vulnerability, CVSSv3 score 8.8, important; according to Microsoft, an attacker who successfully exploits this vulnerability can gain domain administrator privileges by manipulating computer accounts. This vulnerability is rated "Exploitation Less Likely".
- CVE-2025-29793, CVE-2025-29794: Microsoft SharePoint Remote Code Execution vulnerabilities, CVSSv3 score 8.8, important; if successfully exploited, an attacker could execute arbitrary code. According to Microsoft, an attacker must be authenticated to exploit these vulnerabilities.
A list of all discovered CVEs can be found on this Microsoft page; excerpts are available at Tenable.
Similar articles:
Microsoft Security Update Summary (April 8, 2025)
Patchday: Windows 10/11 Updates (April 8, 2025)
Patchday: Windows Server-Updates (April 8, 2025)
Patchday: Microsoft Office Updates (April 8, 2025)
Word/Excel 2016 crashing after April 2025 update KB5002700
Outlook 2016: Calendar access blocked after April 2025 update KB5002700