Cyber Security

Industrial-strength April Patch Tuesday covers 135 CVEs – Sophos Information

April 11, 2025

[ad_1]

Microsoft on Tuesday launched 135 patches affecting 19 product households. Ten of the addressed points, all distant code execution points, are thought of by Microsoft to be of Crucial severity, and 18 have a CVSS base rating of 8.0 or larger. One, an Vital-severity elevation of privilege problem touching the Home windows Widespread Log File system driver, is thought to be below energetic exploit within the wild.
At patch time, 11 extra CVEs usually tend to be exploited within the subsequent 30 days by the corporate’s estimation. Numerous of this month’s points are amenable to direct detection by Sophos protections, and we embrace data on these in a desk under.
Along with these patches, sixteen Vital-severity Adobe Reader points affecting ColdFusion are lined within the launch. These are listed in Appendix D under. In a departure from ordinary process, we’re together with all Edge CVEs in our numbers this month the place potential, although these patches have been for probably the most half made obtainable individually from as we speak’s launch.
We’re as at all times together with on the finish of this submit extra appendices itemizing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base rating, and by product household; an appendix protecting the advisory-style updates; and a breakout of the patches affecting the varied Home windows Server platforms nonetheless in assist.
By the numbers

Whole CVEs: 135
Publicly disclosed: 0
Exploit detected: 1
Severity

Crucial: 10
Vital: 114
Low: 2
Excessive / Medium / Low: 9 (Edge-related CVEs issued by Chromium; see Appendix C)

Influence

Elevation of Privilege: 48
Distant Code Execution: 33
Info Disclosure: 18
Denial of Service: 14
Safety Characteristic Bypass: 9
Spoofing: 4
Unknown: 9 (Edge-related CVEs issued by Chromium; see Appendix C)

CVSS rating 9.0 or higher: 0
CVSS base rating 8.0 or higher: 18

Determine 1: Elevation of privilege accounts for over a 3rd of all April patches, however all of the Crucial-severity gadgets are distant code execution. (Please observe that 9 of the Edge updates lined on this problem usually are not launched with full influence data and comply with a special severity schema, and thus don’t seem on this chart; please see Appendix C)
Merchandise

Home windows: 89
365: 15
Workplace: 15
Edge: 13
SharePoint: 6
Visible Studio: 5
Azure: 4
Excel: 3
Microsoft AutoUpdate (MAU) for Mac: 2
Phrase: 2
Entry: 1
ASP.NET: 1
Dynamics 365: 1
OneNote: 1
Outlook for Android: 1
Energy Automate for Desktop: 1
SQL Server: 1
System Middle: 1
Visible Studio Instruments for Purposes (VSTA): 1

As is our customized for this listing, CVEs that apply to multiple product household are counted as soon as for every household they have an effect on. It must be famous that CVE names in April don’t at all times replicate affected product households intently. Particularly, some CVEs names within the Workplace household might point out merchandise that don’t seem within the listing of merchandise affected by the CVE, and vice versa.

Determine 2: Nineteen product households are affected by April’s patches; as famous above, 9 of the Edge updates lined on this problem usually are not launched with full influence data and comply with a special severity schema, and thus seem right here as “unknown” in influence; please see Appendix C
Notable April updates
Along with the problems mentioned above, quite a lot of particular gadgets advantage consideration.
CVE-2025-26642, CVE-2025-27745, CVE-2025-27747, CVE-2025-27748, CVE-2025-27749, CVE-2025-27750, CVE-2025-27751, CVE-2025-2772, CVE-2025-29791, CVE-2025-29816, CVE-2025-29820, CVE-2025-29822 (12 CVEs) – assorted Workplace points
Workplace takes a heavy patch load this month, and the information is especially not good for customers of Workplace LTSC for Mac 2021 and 2024. All twelve CVEs listed above are relevant to these variations, however the replace isn’t prepared but; affected events are suggested to observe these CVEs for replace availability. Worse, 5 of the twelve (CVE-2025-27745, CVE-2025-27748, CVE-2025-27749, CVE-2025-27752, CVE-2025-29791) embrace the Preview Pane as a vector, elevating 4 of them from Vital to Crucial severity.
CVE-2025-26647 — Home windows Kerberos Elevation of Privilege Vulnerability
An Vital-severity elevation of privilege problem, this one seems to hinge on the attacker’s skill to compromise a trusted CA (Certificates Authority). If the attacker can accomplish that after which problem a certificates with a selected Topic Key Identifier (SKI) worth, they may then use that certificates to connect with the system, in the end assuming the id of any account. This one comes with really useful mitigations, together with updating of all Home windows machines and area controllers to the patch launched as we speak, monitoring audit occasions to identify any machine or gadget that escapes that replace, and enabling Enforcement Mode as soon as your surroundings not makes use of certificates issued by authorities not within the NTAuth retailer. CA compromise is after all a longstanding drawback within the ecosystem; with this CVE marked by Microsoft as extra prone to be exploited inside the subsequent 30 days, it’s value prioritizing in your property.
CVE-2025-27743 — Microsoft System Middle Elevation of Privilege Vulnerability
An Vital-severity elevation-of-privilege problem, this CVE touches a constellation of System Middle merchandise (Operations Supervisor, Service Supervisor, Orchestrator, Knowledge Safety Supervisor, Digital Machine Supervisor) and impacts prospects who re-use current System Middle .exe installer information to deploy new cases of their environments. The issue stems from an untrusted search path in System Middle, which an attacker might, with licensed entry and a few facility with DLL hijacking, use to raise their privileges. Microsoft advises affected customers to delete their current installer setup information (.exe) after which obtain the newest model of their System Middle product (.ZIP).
CVE-2025-29809 — Home windows Kerberos Safety Characteristic Bypass Vulnerability
One other problem probably requiring additional care from directors, this Vital-severity safety characteristic bypass requires rollback of a earlier coverage. To cite Microsoft’s steering, “The coverage described in Steering for blocking rollback of Virtualization-based Safety (VBS) associated safety updates has been up to date to account for the newest adjustments. In the event you deployed this coverage, then you definately’ll must redeploy utilizing the up to date coverage.”
Additionally, for any readers who missed the announcement, opposite to earlier plans Microsoft will not be deprecating driver replace synchronization through WSUS (Home windows Server Replace Companies) simply but. These nonetheless counting on the service to do this work (significantly for “disconnected” units) have a reprieve for now, however ought to proceed planning to maneuver to the cloud-based companies Microsoft now prioritizes.

Determine 3: As distant code execution did final month, elevation of privilege points handed the 100-CVE mark with this month’s Patch Tuesday launch
Sophos protections

CVE
Sophos Intercept X/Endpoint IPS
Sophos XGS Firewall

CVE-2025-27482
Exp/2527482-A
Exp/2527482-A

CVE-2025-29792
Exp/2529792-A
Exp/2529792-A

CVE-2025-29812
Exp/2529812-A
Exp/2529812-A

As you possibly can each month, should you don’t need to wait to your system to drag down Microsoft’s updates itself, you possibly can obtain them manually from the Home windows Replace Catalog web site. Run the winver.exe software to find out which construct of Home windows 10 or 11 you’re operating, then obtain the Cumulative Replace package deal to your particular system’s structure and construct quantity.
Appendix A: Vulnerability Influence and Severity
This can be a listing of April patches sorted by influence, then sub-sorted by severity. Every listing is additional organized by CVE.
Elevation of Privilege (48 CVEs)

Vital severity

CVE-2025-20570
Visible Studio Code Elevation of Privilege Vulnerability

CVE-2025-21191
Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability

CVE-2025-21204
Home windows Course of Activation Elevation of Privilege Vulnerability

CVE-2025-24058
Home windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-24060
Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-24062
Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-24073
Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-24074
Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-26639
Home windows USB Print Driver Elevation of Privilege Vulnerability

CVE-2025-26640
Home windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-26648
Home windows Kernel Elevation of Privilege Vulnerability

CVE-2025-26649
Home windows Safe Channel Elevation of Privilege Vulnerability

CVE-2025-26665
Home windows upnphost.dll Elevation of Privilege Vulnerability

CVE-2025-26675
Home windows Subsystem for Linux Elevation of Privilege Vulnerability

CVE-2025-26679
RPC Endpoint Mapper Service Elevation of Privilege Vulnerability

CVE-2025-26681
Win32k Elevation of Privilege Vulnerability

CVE-2025-26687
Win32k Elevation of Privilege Vulnerability

CVE-2025-26688
Microsoft Digital Arduous Disk Elevation of Privilege Vulnerability

CVE-2025-27467
Home windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-27475
Home windows Replace Stack Elevation of Privilege Vulnerability

CVE-2025-27476
Home windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-27478
Home windows Native Safety Authority (LSA) Elevation of Privilege Vulnerability

CVE-2025-27483
NTFS Elevation of Privilege Vulnerability

CVE-2025-27484
Home windows Common Plug and Play (UPnP) Machine Host Elevation of Privilege Vulnerability

CVE-2025-27489
Azure Native Elevation of Privilege Vulnerability

CVE-2025-27490
Home windows Bluetooth Service Elevation of Privilege Vulnerability

CVE-2025-27492
Home windows Safe Channel Elevation of Privilege Vulnerability

CVE-2025-27727
Home windows Installer Elevation of Privilege Vulnerability

CVE-2025-27728
Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2025-27730
Home windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-27731
Microsoft OpenSSH for Home windows Elevation of Privilege Vulnerability

CVE-2025-27732
Home windows Graphics Part Elevation of Privilege Vulnerability

CVE-2025-27733
NTFS Elevation of Privilege Vulnerability

CVE-2025-27739
Home windows Kernel Elevation of Privilege Vulnerability

CVE-2025-27740
Lively Listing Certificates Companies Elevation of Privilege Vulnerability

CVE-2025-27741
NTFS Elevation of Privilege Vulnerability

CVE-2025-27743
Microsoft System Middle Elevation of Privilege Vulnerability

CVE-2025-27744
Microsoft Workplace Elevation of Privilege Vulnerability

CVE-2025-29792
Microsoft Workplace Elevation of Privilege Vulnerability

CVE-2025-29800
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2025-29801
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2025-29802
Visible Studio Elevation of Privilege Vulnerability

CVE-2025-29803
Visible Studio Instruments for Purposes and SQL Server Administration Studio Elevation of Privilege Vulnerability

CVE-2025-29804
Visible Studio Elevation of Privilege Vulnerability

CVE-2025-29810
Lively Listing Area Companies Elevation of Privilege Vulnerability

CVE-2025-29811
Home windows Cellular Broadband Driver Elevation of Privilege Vulnerability

CVE-2025-29812
DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2025-29824
Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability

Distant Code Execution (33 CVEs)

Crucial severity

CVE-2025-26663
Home windows Light-weight Listing Entry Protocol (LDAP) Distant Code Execution Vulnerability

CVE-2025-26670
Light-weight Listing Entry Protocol (LDAP) Shopper Distant Code Execution Vulnerability

CVE-2025-26686
Home windows TCP/IP Distant Code Execution Vulnerability

CVE-2025-27480
Home windows Distant Desktop Companies Distant Code Execution Vulnerability

CVE-2025-27482
Home windows Distant Desktop Companies Distant Code Execution Vulnerability

CVE-2025-27491
Home windows Hyper-V Distant Code Execution Vulnerability

CVE-2025-27745
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-27748
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-27749
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-27752
Microsoft Excel Distant Code Execution Vulnerability

Vital severity

CVE-2025-21205
Home windows Telephony Service Distant Code Execution Vulnerability

CVE-2025-21221
Home windows Telephony Service Distant Code Execution Vulnerability

CVE-2025-21222
Home windows Telephony Service Distant Code Execution Vulnerability

CVE-2025-25000
Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability

CVE-2025-26642
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-26666
Home windows Media Distant Code Execution Vulnerability

CVE-2025-26668
Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability

CVE-2025-26671
Home windows Distant Desktop Companies Distant Code Execution Vulnerability

CVE-2025-26674
Home windows Media Distant Code Execution Vulnerability

CVE-2025-27477
Home windows Telephony Service Distant Code Execution Vulnerability

CVE-2025-27481
Home windows Telephony Service Distant Code Execution Vulnerability

CVE-2025-27487
Distant Desktop Shopper Distant Code Execution Vulnerability

CVE-2025-27729
Home windows Shell Distant Code Execution Vulnerability

CVE-2025-27746
Microsoft Workplace Distant Code Execution Vulnerability

CVE-2025-27747
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-27750
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-27751
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-29791
Microsoft Excel Distant Code Execution Vulnerability

CVE-2025-29793
Microsoft SharePoint Distant Code Execution Vulnerability

CVE-2025-29794
Microsoft SharePoint Distant Code Execution Vulnerability

CVE-2025-29815
Microsoft Edge (Chromium-based) Distant Code Execution Vulnerability

CVE-2025-29820
Microsoft Phrase Distant Code Execution Vulnerability

CVE-2025-29823
Microsoft Excel Distant Code Execution Vulnerability

Info Disclosure (18 CVEs)

Vital severity

CVE-2025-21197
Home windows NTFS Info Disclosure Vulnerability

CVE-2025-21203
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-25002
Azure Native Cluster Info Disclosure Vulnerability

CVE-2025-26628
Azure Native Cluster Info Disclosure Vulnerability

CVE-2025-26664
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-26667
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-26669
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-26672
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-26676
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-27474
Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability

CVE-2025-27736
Home windows Energy Dependency Coordinator Info Disclosure Vulnerability

CVE-2025-27738
Home windows Resilient File System (ReFS) Info Disclosure Vulnerability

CVE-2025-27742
NTFS Info Disclosure Vulnerability

CVE-2025-29805
Outlook for Android Info Disclosure Vulnerability

CVE-2025-29808
Home windows Cryptographic Companies Info Disclosure Vulnerability

CVE-2025-29817
Microsoft Energy Automate Desktop Info Disclosure Vulnerability

CVE-2025-29819
Home windows Admin Middle in Azure Portal Info Disclosure Vulnerability

CVE-2025-29821
Microsoft Dynamics Enterprise Central Info Disclosure Vulnerability

Denial of Service (14 CVEs)

Vital severity

CVE-2025-21174
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

CVE-2025-26641
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-26651
Home windows Native Session Supervisor (LSM) Denial of Service Vulnerability

CVE-2025-26652
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

CVE-2025-26673
Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability

CVE-2025-26680
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

CVE-2025-26682
ASP.NET Core and Visible Studio Denial of Service Vulnerability

CVE-2025-27469
Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability

CVE-2025-27470
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

CVE-2025-27471
Microsoft Streaming Service Denial of Service Vulnerability

CVE-2025-27473
HTTP.sys Denial of Service Vulnerability

CVE-2025-27479
Kerberos Key Distribution Proxy Service Denial of Service Vulnerability

CVE-2025-27485
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

CVE-2025-27486
Home windows Requirements-Based mostly Storage Administration Service Denial of Service Vulnerability

Safety Characteristic Bypass (9 CVEs)

Vital severity

CVE-2025-26635
Home windows Howdy Safety Characteristic Bypass Vulnerability

CVE-2025-26637
BitLocker Safety Characteristic Bypass Vulnerability

CVE-2025-26678
Home windows Defender Software Management Safety Characteristic Bypass Vulnerability

CVE-2025-27472
Home windows Mark of the Internet Safety Characteristic Bypass Vulnerability

CVE-2025-27735
Home windows Virtualization-Based mostly Safety (VBS) Safety Characteristic Bypass Vulnerability

CVE-2025-27737
Home windows Safety Zone Mapping Safety Characteristic Bypass Vulnerability

CVE-2025-29809
Home windows Kerberos Safety Characteristic Bypass Vulnerability

CVE-2025-29816
Microsoft Phrase Safety Characteristic Bypass Vulnerability

CVE-2025-29822
Microsoft OneNote Safety Characteristic Bypass Vulnerability

Spoofing (4 CVE)

Vital severity

CVE-2025-26644
Home windows Howdy Spoofing Vulnerability

CVE-2025-26647
Home windows Kerberos Elevation of Privilege Vulnerability

CVE-2025-25001
Microsoft Edge for iOS Spoofing Vulnerability

CVE-2025-29796
Microsoft Edge for iOS Spoofing Vulnerability

Appendix B: Exploitability and CVSS
This can be a listing of the April CVEs judged by Microsoft to be both below exploitation within the wild or extra prone to be exploited within the wild inside the first 30 days post-release. The listing is additional organized by CVE.

Exploitation detected

CVE-2025-29824
Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability

Exploitation extra doubtless inside the subsequent 30 days