Microsoft Patch Tuesday April 2025

The release consists of:

• 6 Critical and 114 Important fixes.
• Coverage across Windows, Windows Components, Microsoft Office, Visual Studio & Windows Defender

• A combined CVSS score of 894.7, with an average severity of 7.5 – slightly higher than last month’s.

Robert Brown, Senior Director of Professional Services at Absolute, emphasizes the importance of prioritization in vulnerability management.

Watch now: Patch Tuesday April 2025 Webinar

Patch Tuesday Recap: Top 3 Vulnerabilities You Need to Know

As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritise addressing them immediately.

1. CVE-2025-29824: Common Log File System Driver Elevation of Privilege
   • Weaponized, Actively Exploited
   A local attacker can exploit a flaw in the CLFS driver to gain SYSTEM-level privileges, potentially leading to full system compromise.
   • Severity: Important | CVSS Score: 7.8
   • Attack Vector: Local | Privileges Required: Low
   • User Interaction: None | Complexity: Low
   This vulnerability allows attackers with low-level access to escalate their privileges, gaining full control of the system. Active exploitation is confirmed, making it a high priority to patch immediately on all Windows 10/11 and Server 2016/2019/2022 systems. If using hardened server builds, disable CLFS (though this may affect logging functionality).
2. CVE-2025-29794: SharePoint Server Remote Code Execution
   • Not Weaponized but Critical Risk
   An authenticated user with site owner privileges can execute arbitrary code on the SharePoint server, potentially gaining full server control.
   • Severity: Critical | CVSS Score: 8.8
   • Attack Vector: Network | Privileges Required: Low
   • User Interaction: None | Complexity: Low
   This vulnerability affects SharePoint servers, where an attacker with site owner access can execute code remotely. If SharePoint is internet-exposed, the risk is significantly higher on all SharePoint 2016/2019/Subscription Edition servers. Review and restrict site owner permissions to minimize exposure.
3. CVE-2025-21205: Windows Telephony Service Remote Code Execution
   • Not Weaponized but Serious Risk
   A vulnerability in the Windows Telephony API allows unauthenticated remote code execution, making it a low-complexity attack vector. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
   • Severity: Important | CVSS Score: 8.8
   • Attack Vector: Network | Privileges Required: None
   • User Interaction: Required | Complexity: Low
   This flaw allows attackers to execute code remotely without requiring user interaction. It poses a wormable risk, especially in environments where Telephony Services are exposed to the internet on any Windows 10/11 and Server 2016+ systems. If Telephony is not used, consider disabling the service via Group Policy or PowerShell to reduce the attack surface.

Final Thoughts: Act Now to Stay Secure

Aprils Patch Tuesday highlights the ongoing risks of unpatched vulnerabilities, especially as attackers leverage AI and automation to identify new exploits faster than ever before.

1. Prioritize patches for actively exploited and publicly disclosed vulnerabilities.
2. Ensure your security team is equipped to respond quickly.
3. Consider leveraging automation and vulnerability management solutions to stay ahead of threats.

Need help implementing these patches or optimizing your cybersecurity strategy? Our team is here to assist, reach out today.

Until next time, Happy Patching!

See the April, 2025 Patch Tuesday Chart.