Webinar Library
Welcome to my April Patch Tuesday newsletter. Today Microsoft released updates for 153 threats with one of them being a zero day: CVE-2025-29824. Microsoft rates this zero day as exploited but not public. According to Microsoft, the vulnerability is a use after free in the Windows Common Log File System Driver which could allow an attacker to gain SYSTEM privileges. Interestingly, the severity is only "Important". This update affects all supported flavors of Microsoft OS so you'll want to get this tested and applied as soon as possible. In addition to these we have 16 others that are rated critical. I've made these bold in the chart below for easier identification. Of these, CVE-2025-29814 was released on March 20. It is an elevation of privilege that is not only rated critical but has a CVSS score of 9.3 / 8.4. It's not public and not being exploited but these are very high ratings. Thankfully there is no action for users to take. This vulnerability has been fully mitigated by Microsoft. So, it's some what of a conundrum of a month with so many vulnerabilities patched but only one zero day. I'd also like to give some attention to two of my webinars. Last week my software company, LOGbinder, had a major release update to our Supercharger for Windows Event Collection application. The feedback I received for this webinar was phenomenal. If you'd like to see or listen to the recording you can see it here. On another note, this Thursday I have a pretty interesting deep dive webinar about protecting data on USB drives. We'll be discussing hardware options, BitLocker, Mac APFS and various other alternatives. You can register for that one here. Happy patching!
So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Remote Desktop Client Windows App Client Windows Admin Center
Critical
CVE-2025-21174 CVE-2025-21191 CVE-2025-21197 CVE-2025-21203 CVE-2025-21204 CVE-2025-21205 CVE-2025-21221 CVE-2025-21222 CVE-2025-24058 CVE-2025-24060 CVE-2025-24062 CVE-2025-24073 CVE-2025-24074 CVE-2025-26635 CVE-2025-26637 CVE-2025-26639 CVE-2025-26640 CVE-2025-26641 CVE-2025-26644 CVE-2025-26647 CVE-2025-26648 CVE-2025-26649 CVE-2025-26651 CVE-2025-26652 CVE-2025-26663 CVE-2025-26664 CVE-2025-26665 CVE-2025-26666 CVE-2025-26667 CVE-2025-26668 CVE-2025-26669 CVE-2025-26670 CVE-2025-26671 CVE-2025-26672 CVE-2025-26673 CVE-2025-26674 CVE-2025-26675 CVE-2025-26676 CVE-2025-26678 CVE-2025-26679 CVE-2025-26680 CVE-2025-26681 CVE-2025-26686 CVE-2025-26687 CVE-2025-26688 CVE-2025-27467 CVE-2025-27469 CVE-2025-27470 CVE-2025-27471 CVE-2025-27472 CVE-2025-27473 CVE-2025-27474 CVE-2025-27475 CVE-2025-27476 CVE-2025-27477 CVE-2025-27478 CVE-2025-27479 CVE-2025-27480 CVE-2025-27481 CVE-2025-27482 CVE-2025-27483 CVE-2025-27484 CVE-2025-27485 CVE-2025-27486 CVE-2025-27487 CVE-2025-27490 CVE-2025-27491 CVE-2025-27492 CVE-2025-27727 CVE-2025-27728 CVE-2025-27729 CVE-2025-27730 CVE-2025-27731 CVE-2025-27732 CVE-2025-27733 CVE-2025-27735 CVE-2025-27736 CVE-2025-27737 CVE-2025-27738 CVE-2025-27739 CVE-2025-27740 CVE-2025-27741 CVE-2025-27742 CVE-2025-29808 CVE-2025-29809 CVE-2025-29810 CVE-2025-29811 CVE-2025-29812 CVE-2025-29819 CVE-2025-29824*
Denial of Service
Elevation of Privilege Information Disclosure
Remote Code Execution Security Feature Bypass Spoofing
Edge
Chromium-based
Important
CVE-2025-1920 CVE-2025-2135 CVE-2025-2136 CVE-2025-2137 CVE-2025-24201 CVE-2025-2476 CVE-2025-25000 CVE-2025-25001 CVE-2025-2783 CVE-2025-29795 CVE-2025-29796 CVE-2025-29806 CVE-2025-29815 CVE-2025-3066 CVE-2025-3067 CVE-2025-3068 CVE-2025-3069 CVE-2025-3070 CVE-2025-3071 CVE-2025-3072 CVE-2025-3073 CVE-2025-3074
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise Access/Excel/OneNote/Word 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac OneNote for Mac AutoUpdate for Mac Office for Android/Universal Online Server
CVE-2025-26642 CVE-2025-26687 CVE-2025-27744 CVE-2025-27745 CVE-2025-27746 CVE-2025-27747 CVE-2025-27748 CVE-2025-27749 CVE-2025-27750 CVE-2025-27751 CVE-2025-27752 CVE-2025-29791 CVE-2025-29792 CVE-2025-29800 CVE-2025-29801 CVE-2025-29816 CVE-2025-29820 CVE-2025-29822 CVE-2025-29823
Elevation of Privilege Remote Code Execution Security Feature Bypass
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition Server Subscription Edition Language Pack
CVE-2025-26642 CVE-2025-27746 CVE-2025-27747 CVE-2025-29793 CVE-2025-29794 CVE-2025-29820
Remote Code Execution
SQL Server
SSMS 20.2
CVE-2025-29803
Elevation of Privilege
Azure
Health Bot Kubernetes Service Local Cluster Playwright Stack HCI OS 22H2/23H2 Partner Center Admin Center in Azure Portal
CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 CVE-2025-21384 CVE-2025-24513 CVE-2025-24514 CVE-2025-25002 CVE-2025-26628 CVE-2025-26683 CVE-2025-27489 CVE-2025-29814 CVE-2025-29819
Developer Tools
Visual Studio Code VS 2022 17.8, 17.10, 17.12, 17.13 VSTA 2019/2022 including SDK ASP.NET Core 8, 9
CVE-2025-20570 CVE-2025-26682 CVE-2025-29802 CVE-2025-29803 CVE-2025-29804
Denial of Service Elevation of Privilege
Apps
Microsoft Outlook for Android
CVE-2025-29805
Information Disclosure
Dynamics
365 Business Central 2025 Wave 1 Update 26.0 365 Business Central 2024 Wave 2 Update 25.6 365 Business Central 2023 Wave 2 Update 24.12 Microsoft Dataverse
CVE-2025-24053 CVE-2025-29807 CVE-2025-29821
System Center
Data Protection Manager 2019/2022/2025 Operations Manager 2019/2022/2025 Orchestrator 2019/2022/2025 Service Manager 2019/2022/2025 Virtual Machine Manager 2019/2022/2025
CVE-2025-27743