Patch Tuesday, April 2025 Edition

Microsoft has released updates to fix at least 121 security vulnerabilities in its Windows operating systems and applications, including one that is already being exploited in the wild. Eleven of these vulnerabilities received Microsoft’s most severe “critical” rating, meaning malicious software or individuals could exploit them with little to no user interaction.

April 2025 Patch Tuesday: What’s New and Important

The zero-day vulnerability currently under exploitation is CVE-2025-29824, a local privilege escalation flaw within the Windows Common Log File System (CLFS) driver. Microsoft classifies it as “important,” but as Chris Goettl from Ivanti emphasizes, risk-based prioritization justifies treating it with critical urgency.

The CLFS component of Windows is no stranger to Patch Tuesday: according to Tenable’s Satnam Narang, since 2022 Microsoft has patched 32 CLFS vulnerabilities, averaging 10 per year, with six of them exploited in the wild. The most recent CLFS zero-day was addressed in December 2024.

Narang points out that while vulnerabilities that let attackers execute arbitrary code are generally the most prominent category addressed on Patch Tuesday, the picture flips for zero-day exploitation.

“For the past two years, elevation of privilege vulnerabilities have been at the forefront and, thus far in 2025, they account for over half of all zero-days exploited,” Narang stated.

Rapid7’s Adam Barnett cautions that any Windows administrators managing an LDAP server (which generally includes almost every organization with a significant Microsoft presence) should add patching for the critical flaw CVE-2025-26663 to their priority list.

“With no privileges needed, no user interaction required, and code execution presumably occurring within the LDAP server context itself, successful exploitation would offer an appealing shortcut to any attacker,” Barnett remarked. “Those wondering if today mirrors December 2024’s Patch Tuesday can find some comfort in the fact that the worst of the trio of LDAP critical RCEs published late last year was probably easier to exploit compared to today’s instance, since today’s CVE-2025-26663 necessitates that an attacker successfully navigate a race condition. Nevertheless, Microsoft still anticipates that exploitation is more feasible.”

Among the notable fixes Microsoft shipped this month are remote code execution vulnerabilities in Windows Remote Desktop services (RDP), including CVE-2025-26671, CVE-2025-27480, and CVE-2025-27482; only the last two are rated “critical,” and Microsoft has marked both as “Exploitation More Likely.”

Among the most widespread vulnerabilities fixed this month were those in web browsers. Google Chrome applied fixes for 13 vulnerabilities this week, while Mozilla Firefox addressed eight bugs, with additional updates potentially forthcoming later this week for Microsoft Edge.

As is customary on Patch Tuesdays, Adobe has issued 12 updates resolving 54 security vulnerabilities across various products, including ColdFusion, Adobe Commerce, Experience Manager Forms, After Effects, Media Encoder, Bridge, Premiere Pro, Photoshop, Animate, AEM Screens, and FrameMaker.

Apple users may also require updates. On March 31, Apple launched a significant security update (exceeding three gigabytes) to address issues across several of their products, including at least one zero-day vulnerability.

Moreover, if you missed it, on March 31, 2025 Apple released a substantial collection of security updates covering a wide array of their products, ranging from macOS to the iOS operating systems on iPhones and iPads.

Earlier today, Microsoft mentioned that Windows 10 security updates were not yet available but would be issued as soon as feasible. A visit to askwoody.com suggests that this issue has since been resolved. Regardless, if you encounter any difficulties while applying any of these updates, please share your experiences in the comments below, as it is quite possible that others have faced similar issues.

As always, it’s advisable to back up your data and/or devices before proceeding with updates, as this makes it significantly easier to reverse a problematic software update. For more detailed information about today’s Patch Tuesday, visit the SANS Internet Storm Center’s summary. Microsoft’s update guide for April 2025 can be found here.

To learn more about Patch Tuesday, check the write-ups from Action1 and Automox.

