April, 2025: Patch Tuesday - One Zero Day!

Welcome to my April Patch Tuesday newsletter. Today Microsoft released updates for 153 threats with one of them being a zero day: CVE-2025-29824.

Microsoft rates this zero day as exploited but not public. According to Microsoft, the vulnerability is a use-after-free in the Windows Common Log File System Driver that could allow an attacker to gain SYSTEM privileges. Interestingly, the severity is only "Important". This update affects all supported flavors of Microsoft OS, so you'll want to get this tested and applied as soon as possible.

In addition to these we have 16 others that are rated critical. I've made these bold in the chart below for easier identification. Of these, CVE-2025-29814 was released on March 20. It is an elevation of privilege that is not only rated critical but has a CVSS score of 9.3 / 8.4. It's not public and not being exploited but these are very high ratings. Thankfully there is no action for users to take. This vulnerability has been fully mitigated by Microsoft.

So, it's somewhat of a conundrum of a month, with so many vulnerabilities patched but only one zero day.

I'd also like to give some attention to two of my webinars. Last week my software company, LOGbinder, had a major release update to our Supercharger for Windows Event Collection application. The feedback I received for this webinar was phenomenal. If you'd like to see or listen to the recording you can see it here. On another note, this Thursday I have a pretty interesting deep dive webinar about protecting data on USB drives. We'll be discussing hardware options, BitLocker, Mac APFS and various other alternatives. You can register for that one here.

Happy patching!

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by: LOGbinder.com

Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info

Technology: Windows
Products Affected: Windows 10, 11; Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations; Remote Desktop Client; Windows App Client; Windows Admin Center
Severity: Critical
Reference:
CVE-2025-21174
CVE-2025-21191
CVE-2025-21197
CVE-2025-21203
CVE-2025-21204
CVE-2025-21205
CVE-2025-21221
CVE-2025-21222
CVE-2025-24058
CVE-2025-24060
CVE-2025-24062
CVE-2025-24073
CVE-2025-24074
CVE-2025-26635
CVE-2025-26637
CVE-2025-26639
CVE-2025-26640
CVE-2025-26641
CVE-2025-26644
CVE-2025-26647
CVE-2025-26648
CVE-2025-26649
CVE-2025-26651
CVE-2025-26652
CVE-2025-26663
CVE-2025-26664
CVE-2025-26665
CVE-2025-26666
CVE-2025-26667
CVE-2025-26668
CVE-2025-26669
CVE-2025-26670
CVE-2025-26671
CVE-2025-26672
CVE-2025-26673
CVE-2025-26674
CVE-2025-26675
CVE-2025-26676
CVE-2025-26678
CVE-2025-26679
CVE-2025-26680
CVE-2025-26681
CVE-2025-26686
CVE-2025-26687
CVE-2025-26688
CVE-2025-27467
CVE-2025-27469
CVE-2025-27470
CVE-2025-27471
CVE-2025-27472
CVE-2025-27473
CVE-2025-27474
CVE-2025-27475
CVE-2025-27476
CVE-2025-27477
CVE-2025-27478
CVE-2025-27479
CVE-2025-27480
CVE-2025-27481
CVE-2025-27482
CVE-2025-27483
CVE-2025-27484
CVE-2025-27485
CVE-2025-27486
CVE-2025-27487
CVE-2025-27490
CVE-2025-27491
CVE-2025-27492
CVE-2025-27727
CVE-2025-27728
CVE-2025-27729
CVE-2025-27730
CVE-2025-27731
CVE-2025-27732
CVE-2025-27733
CVE-2025-27735
CVE-2025-27736
CVE-2025-27737
CVE-2025-27738
CVE-2025-27739
CVE-2025-27740
CVE-2025-27741
CVE-2025-27742
CVE-2025-29808
CVE-2025-29809
CVE-2025-29810
CVE-2025-29811
CVE-2025-29812
CVE-2025-29819
CVE-2025-29824*

Workaround: No
Exploited: Yes*
Public: No

Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing

Technology: Edge
Products Affected: Chromium-based
Severity: Important
Reference:
CVE-2025-1920
CVE-2025-2135
CVE-2025-2136
CVE-2025-2137
CVE-2025-24201
CVE-2025-2476
CVE-2025-25000
CVE-2025-25001
CVE-2025-2783
CVE-2025-29795
CVE-2025-29796
CVE-2025-29806
CVE-2025-29815
CVE-2025-3066
CVE-2025-3067
CVE-2025-3068
CVE-2025-3069
CVE-2025-3070
CVE-2025-3071
CVE-2025-3072
CVE-2025-3073
CVE-2025-3074

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege, Remote Code Execution, Spoofing

Technology: Office
Products Affected: 365 Apps for Enterprise; Access/Excel/OneNote/Word 2016; Office 2016, 2019; LTSC 2021, 2024 including for Mac; OneNote for Mac; AutoUpdate for Mac; Office for Android/Universal; Online Server
Severity: Critical
Reference:
CVE-2025-26642
CVE-2025-26687
CVE-2025-27744
CVE-2025-27745
CVE-2025-27746
CVE-2025-27747
CVE-2025-27748
CVE-2025-27749
CVE-2025-27750
CVE-2025-27751
CVE-2025-27752
CVE-2025-29791
CVE-2025-29792
CVE-2025-29800
CVE-2025-29801
CVE-2025-29816
CVE-2025-29820
CVE-2025-29822
CVE-2025-29823

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege, Remote Code Execution, Security Feature Bypass

Technology: SharePoint
Products Affected: Enterprise Server 2016; Server 2019; Server Subscription Edition; Server Subscription Edition Language Pack
Severity: Important
Reference:
CVE-2025-26642
CVE-2025-27746
CVE-2025-27747
CVE-2025-29793
CVE-2025-29794
CVE-2025-29820

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Remote Code Execution

Technology: SQL Server
Products Affected: SSMS 20.2
Severity: Important
Reference:
CVE-2025-29803

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege

Technology: Azure
Products Affected: Health Bot; Kubernetes Service; Local Cluster; Playwright; Stack HCI OS 22H2/23H2; Partner Center; Admin Center in Azure Portal
Severity: Critical
Reference:
CVE-2025-1097
CVE-2025-1098
CVE-2025-1974
CVE-2025-21384
CVE-2025-24513
CVE-2025-24514
CVE-2025-25002
CVE-2025-26628
CVE-2025-26683
CVE-2025-27489
CVE-2025-29814
CVE-2025-29819

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege, Information Disclosure

Technology: Developer Tools
Products Affected: Visual Studio Code; VS 2022 17.8, 17.10, 17.12, 17.13; VSTA 2019/2022 including SDK; ASP.NET Core 8, 9
Severity: Important
Reference:
CVE-2025-20570
CVE-2025-26682
CVE-2025-29802
CVE-2025-29803
CVE-2025-29804

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Denial of Service, Elevation of Privilege

Technology: Apps
Products Affected: Microsoft Outlook for Android
Severity: Important
Reference:
CVE-2025-29805

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Information Disclosure

Technology: Dynamics
Products Affected: 365 Business Central 2025 Wave 1 Update 26.0; 365 Business Central 2024 Wave 2 Update 25.6; 365 Business Central 2023 Wave 2 Update 24.12; Microsoft Dataverse
Severity: Critical
Reference:
CVE-2025-24053
CVE-2025-29807
CVE-2025-29821

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege, Information Disclosure, Remote Code Execution

Technology: System Center
Products Affected: Data Protection Manager 2019/2022/2025; Operations Manager 2019/2022/2025; Orchestrator 2019/2022/2025; Service Manager 2019/2022/2025; Virtual Machine Manager 2019/2022/2025
Severity: Important
Reference:
CVE-2025-27743

Workaround: No
Exploited: No
Public: No

Vulnerability Info: Elevation of Privilege