Image
Today’s Patch Tuesday Alert addresses Microsoft’s April 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1151 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also color coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted.
| Tag | CVE Count | CVEs |
| Windows LDAP - Lightweight Directory Access Protocol | 4 | CVE-2025-26663, CVE-2025-26670, CVE-2025-26673, CVE-2025-27469 |
| Windows Routing and Remote Access Service (RRAS) | 8 | CVE-2025-26664, CVE-2025-26669, CVE-2025-26667, CVE-2025-26668, CVE-2025-27474, CVE-2025-21203, CVE-2025-26672, CVE-2025-26676 |
| Windows upnphost.dll | 1 | CVE-2025-26665 |
| Windows Media | 2 | CVE-2025-26666, CVE-2025-26674 |
| Windows Win32K - GRFX | 3 | CVE-2025-26681, CVE-2025-26687, CVE-2025-27732 |
| Windows Standards-Based Storage Management Service | 6 | CVE-2025-26680, CVE-2025-27470, CVE-2025-21174, CVE-2025-26652, CVE-2025-27485, CVE-2025-27486 |
| Windows TCP/IP | 1 | CVE-2025-26686 |
| Microsoft Virtual Hard Drive | 1 | CVE-2025-26688 |
| Microsoft Streaming Service | 1 | CVE-2025-27471 |
| Windows HTTP.sys | 1 | CVE-2025-27473 |
| Windows Mark of the Web (MOTW) | 1 | CVE-2025-27472 |
| Windows Digital Media | 4 | CVE-2025-27476, CVE-2025-26640, CVE-2025-27467, CVE-2025-27730 |
| Windows Update Stack | 2 | CVE-2025-27475, CVE-2025-21204 |
| Windows Telephony Service | 5 | CVE-2025-27477, CVE-2025-21205, CVE-2025-21221, CVE-2025-21222, CVE-2025-27481 |
| Windows Local Security Authority (LSA) | 2 | CVE-2025-27478, CVE-2025-21191 |
| Windows Kerberos | 3 | CVE-2025-27479, CVE-2025-26647, CVE-2025-29809 |
| Windows Active Directory Certificate Services | 1 | CVE-2025-27740 |
| Windows NTFS | 5 | CVE-2025-27741, CVE-2025-27742, CVE-2025-21197, CVE-2025-27483, CVE-2025-27733 |
| Microsoft Office | 8 | CVE-2025-27744, CVE-2025-27745, CVE-2025-27746, CVE-2025-27748, CVE-2025-27749, CVE-2025-29791, CVE-2025-29792, CVE-2025-26642 |
| Microsoft Office Word | 3 | CVE-2025-27747, CVE-2025-29820, CVE-2025-29816 |
| System Center | 1 | CVE-2025-27743 |
| Microsoft Office Excel | 4 | CVE-2025-27751, CVE-2025-27752, CVE-2025-27750, CVE-2025-29823 |
| Microsoft Office SharePoint | 2 | CVE-2025-29793, CVE-2025-29794 |
| Microsoft Edge for iOS | 1 | CVE-2025-29796 |
| Dynamics Business Central | 1 | CVE-2025-29821 |
| Microsoft Office OneNote | 1 | CVE-2025-29822 |
| Windows Common Log File System Driver | 1 | CVE-2025-29824 |
| Windows DWM Core Library | 5 | CVE-2025-24074, CVE-2025-24073, CVE-2025-24058, CVE-2025-24060, CVE-2025-24062 |
| Microsoft Edge (Chromium-based) | 12 | CVE-2025-25000, CVE-2025-25001, CVE-2025-29815, CVE-2025-3066, CVE-2025-3070, CVE-2025-3069, CVE-2025-3068, CVE-2025-3067, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074 |
| Azure Local Cluster | 2 | CVE-2025-25002, CVE-2025-26628 |
| Windows USB Print Driver | 1 | CVE-2025-26639 |
| Windows Hello | 2 | CVE-2025-26635, CVE-2025-26644 |
| Windows BitLocker | 1 | CVE-2025-26637 |
| Windows Cryptographic Services | 2 | CVE-2025-26641, CVE-2025-29808 |
| Windows Kernel | 2 | CVE-2025-26648, CVE-2025-27739 |
| Windows Secure Channel | 2 | CVE-2025-26649, CVE-2025-27492 |
| Windows Local Session Manager (LSM) | 1 | CVE-2025-26651 |
| Windows Remote Desktop Services | 1 | CVE-2025-26671 |
| Windows Subsystem for Linux | 1 | CVE-2025-26675 |
| Windows Defender Application Control (WDAC) | 1 | CVE-2025-26678 |
| RPC Endpoint Mapper Service | 1 | CVE-2025-26679 |
| Windows Universal Plug and Play (UPnP) Device Host | 1 | CVE-2025-27484 |
| Remote Desktop Gateway Service | 2 | CVE-2025-27480, CVE-2025-27482 |
| Remote Desktop Client | 1 | CVE-2025-27487 |
| Azure Local | 1 | CVE-2025-27489 |
| Windows Hyper-V | 1 | CVE-2025-27491 |
| Windows Bluetooth Service | 1 | CVE-2025-27490 |
| Windows Installer | 1 | CVE-2025-27727 |
| Windows Shell | 1 | CVE-2025-27729 |
| Windows Kernel-Mode Drivers | 1 | CVE-2025-27728 |
| OpenSSH for Windows | 1 | CVE-2025-27731 |
| Windows Virtualization-Based Security (VBS) Enclave | 1 | CVE-2025-27735 |
| Windows Power Dependency Coordinator | 1 | CVE-2025-27736 |
| Windows Security Zone Mapping | 1 | CVE-2025-27737 |
| Windows Resilient File System (ReFS) | 1 | CVE-2025-27738 |
| Visual Studio Tools for Applications and SQL Server Management Studio | 1 | CVE-2025-29803 |
| Microsoft AutoUpdate (MAU) | 2 | CVE-2025-29800, CVE-2025-29801 |
| Visual Studio | 2 | CVE-2025-29802, CVE-2025-29804 |
| Outlook for Android | 1 | CVE-2025-29805 |
| Active Directory Domain Services | 1 | CVE-2025-29810 |
| Windows Kernel Memory | 1 | CVE-2025-29812 |
| Azure Portal Windows Admin Center | 1 | CVE-2025-29819 |
| Windows Mobile Broadband | 1 | CVE-2025-29811 |
| Visual Studio Code | 1 | CVE-2025-20570 |
| ASP.NET Core | 1 | CVE-2025-26682 |
Other Information
At the time of publication, there were no new advisories included with the April Security Guidance.
