Microsoft rolled out the monthly security updates for April, fixing over a hundred different vulnerabilities. The April Patch Tuesday is particularly notable as Microsoft also addressed an actively exploited zero-day flaw. Users must ensure patching their devices promptly with these devices to avoid possible threats.
Noteworthy Patch Tuesday Fixes From Microsoft For April 2025
This month’s security updates addressed 11 critical-severity issues. Of these, 5 vulnerabilities affected Microsoft Excel, 2 existed in Windows Remote Desktop Services, and 1 each in Windows Hyper-V, Windows Lightweight Directory Access Protocol (LDAP), and Windows TCP/IP.
Besides, the update includes 110 important severity vulnerabilities that could lead to remote code execution (22), denial of service (14), privilege escalation (48), security feature bypass (9), information disclosure (16), and spoofing (1).
The most noteworthy of these flaws include:
- CVE-2025-26670 (critical; CVSS 8.1): A use-after-free flaw in Lightweight Directory Access Protocol (LDAP) Client allowing remote code execution from an unauthorized attacker over a network.
- CVE-2025-26686 (critical; CVSS 7.5): A remote code execution vulnerability that existed due to sensitive data storage in improperly locked memory in Windows TCP/IP.
- CVE-2025-27740 (important; CVSS 8.8): A privilege escalation vulnerability in Active Directory Certificate Services that could let an authenticated attacker manipulate accounts’ attributes and gain domain administrator privileges via ADCS certificate.
- CVE-2025-26669 (important; CVSS 8.8): An out-of-bounds read in Windows Routing and Remote Access Service (RRAS) that could let an unauthorized attacker read portions of heap memory and disclosure information over the network. An attacker could trigger the flaw by tricking the victim user into sending a request to the malicious server, which, in return, would send malicious data leading to arbitrary code execution.
- CVE-2025-26678 (important; CVSS 8.4): A security feature bypass existed due to improper access control in the Windows Defender Application Control, allowing attacks from an unauthorized adversary.
Exploiting the vulnerability could allow the attacker to win a race condition, further leading to remote code execution. Triggering this vulnerability merely required the attacker to send maliciously.
Actively Exploited Zero-Day Fixed Too
With April Patch Tuesday, Microsoft fixed a serious zero-day vulnerability in Windows Common Log File System Driver. According to Microsoft’s advisory, a use-after-free flaw in the driver could allow elevated privileges to an authorized adversary, including SYSTEM privileges.
This vulnerability received the CVE ID CVE-2025-29824 and a CVSS score of 7.8. While the vulnerability remained undisclosed, it caught the attention of threat actors before a fix. Microsoft also confirmed detecting active exploitation attempts of this flaw.
While the patch has been released for the latest devices, Windows 10 systems still await a fix. As explained in the advisory, updates for Windows 10 (for both x64-based Systems and 32-bit Systems) will be available soon. Until then, the devices remain vulnerable to the threat, requiring careful use of systems from the users. Alternatively, users may choose to upgrade their systems to Windows 11 to receive all security updates promptly.
Let us know your thoughts in the comments.