Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoftβs most-dire βcriticalβ rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
The zero-day flaw already seeing exploitation is CVE-2025-29824, a local elevation of privilege bug in the Windows Common Log File System (CLFS) driver.Β Microsoft rates it as βimportant,β but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.
This CLFS component of Windows is no stranger to Patch Tuesday: According to Tenableβs Satnam Narang, since 2022 Microsoft has patched 32 CLFS vulnerabilities β averaging 10 per year β with six of them exploited in the wild. The last CLFS zero-day was patched in December 2024.
Narang notes that while flaws allowing attackers to install arbitrary code are consistently top overall Patch Tuesday features, the data is reversed for zero-day exploitation.
βFor the past two years, elevation of privilege flaws have led the pack and, so far in 2025, account for over half of all zero-days exploited,β Narang wrote.
Rapid7βs Adam Barnett warns that any Windows defenders responsible for an LDAP server β which means almost any organization with a non-trivial Microsoft footprint β should add patching for the critical flaw CVE-2025-26663Β to their to-do list.
βWith no privileges required, no need for user interaction, and code execution presumably in the context of the LDAP server itself, successful exploitation would be an attractive shortcut to any attacker,β Barnett said. βAnyone wondering if today is a re-run of December 2024 PatchΒ TuesdayΒ can take some small solace in the fact that the worst of theΒ trio of LDAP critical RCEs published at the end of last yearΒ was likely easier to exploit than todayβs example, since todayβsΒ CVE-2025-26663 requires that an attacker win a race condition. Despite that, Microsoft still expects that exploitation is more likely.β
Among the critical updates Microsoft patched this month are remote code execution flaws in Windows Remote Desktop servicesΒ (RDP), including CVE-2025-26671, CVE-2025-27480 and CVE-2025-27482; only the latter two are rated βcritical,β and Microsoft marked both of them as βExploitation More Likely.β
Perhaps the most widespread vulnerabilities fixed this month were in web browsers. Google Chromeupdated to fix 13 flaws this week, and Mozilla Firefox fixed eight bugs, with possibly more updates coming later this week for MicrosoftEdge.
As it tends to do on Patch Tuesdays, Adobe has released 12 updates resolving 54 security holes across a range of products, including ColdFusion, Adobe Commerce, Experience Manager Forms, After Effects, Media Encoder, Bridge,Β Premiere Pro, Photoshop, Animate, AEM Screens, and FrameMaker.
Apple users may need to patch as well. On March 31, Apple released a huge security update (more than three gigabytes in size) to fix issues in a range of their products, including at least one zero-day flaw.
And in case you missed it, on March 31, 2025 Apple released a rather large batch of security updates for a wide range of their products, from macOS to the iOS operating systems on iPhones and iPads.
Earlier today, Microsoft included a note saying Windows 10 security updates werenβt available but would be released as soon as possible. It appears from browsing askwoody.com that this snafu has since been rectified. Either way, if you run into complications applying any of these updates please leave a note about it in the comments below, because the chances are good that someone else had the same problem.
As ever, please consider backing up your data and or devices prior to updating, which makes it far less complicated to undo a software update gone awry. For more granular details on todayβs Patch Tuesday, check out the SANS Internet Storm Centerβs roundup. Microsoftβs update guide for April 2025 is here.
For more details on Patch Tuesday, check out the write-ups from Action1 andΒ Automox.
An interesting side note in my use of Microsoft Edge to write this post. six times in 20 minutes it closed for no reason. It's a bit eerie, but I do believe monitoring of some kind is happening. No matter, we are in that age of a new world where privacy is of the past.
Login
