Microsoft has released its April 2025 Patch Tuesday updates, addressing 121 security vulnerabilities across various products and services. The update package includes 11 critical fixes and one actively exploited vulnerability.
Key Security Updates
Windows 10 1507 Patch Delay
Microsoft announced a temporary delay in releasing security updates for Windows 10 version 1507 (OS Build 10240.X) systems. The company will notify users once these specific patches become available.
Critical Vulnerability Under Active Exploit
The Windows Common Log File System Driver vulnerability (CVE-2025-29824) is currently being exploited in the wild. With a CVSS score of 7.8, this flaw could allow attackers to gain SYSTEM-level privileges by compromising critical logging processes.
LDAP Server Vulnerabilities
Two critical LDAP-related vulnerabilities (CVE-2025-26663 and CVE-2025-26670) received CVSS scores of 8.1. These flaws could enable unauthenticated attackers to execute remote code by sending specially crafted requests to vulnerable LDAP servers.
Remote Desktop Services Fixes
Microsoft patched two critical Remote Desktop Services vulnerabilities (CVE-2025-27482 and CVE-2025-27480). Both received CVSS scores of 8.1 and could allow attackers to execute arbitrary code through the Remote Desktop Gateway role.
Additional Updates
The April release includes patches for:
- Microsoft Excel remote code execution vulnerabilities
- Windows kernel privilege elevation issues
- SharePoint security fixes
- Azure-related security updates
- Visual Studio security improvements
Recommendation
System administrators should promptly deploy these security updates across their networks to protect against potential threats and exploits.