Microsoft's Mighty Bundle of 124 April Fixes for Common Vulnerabilites and Exposures (cves) In its codebase includes 11 that are rated “critical” and two rated “low”, with the rest rated “important” in severity.
Dustin children of the Zero day initiative Noted that “only one of these bugs is listed as publicly known or under activity at the time of release”, but that this will be of lightle comfort.
In a blog postChilds said of the vulnerability being listed by microsoft as under active Attack: “This privatege escalation bug [CVE-2025-29824] … Allows a Threat Actor to Execute their Code with System Privileges. These types of bugs are often paired with code execution bugs to take over a system. Microsoft Gives No Indication of how widespread these attends are. “
Two of the other bugs children picked out – Cve-2025-26663 and Cve-2025-26670 – “Allow a remote, unauthenticated attacker to Execute their code on affected systems just by sending a specially crafted ldap [Lightweight Directory Access Protocol] Message ”. He added:” Since just about everything an ldap service, there's a pleethora of targets out there. And since no user interaction is involved, these bugs are wormable. ” Wormable means no human interaction is required for the cyber attack to spread.
Of the current crop of microsoft vulnerabilityes being disclosed, adam barnett, lead software engineer at Rapid7Said: “The Windows Common Log File System (CLFS) Driver is Firmly Back on our radar today with Cve-2025-29824A Zero-Day Local Elevation of Privilege Vulnerability. “
This is the vulnerability that childs put primary focus on in his post.
Barnett Said: “First, the good news: the across the sections sections the microsoft threat threat in the intelligence center, so the exploit was successfully reproduced by microsoft; the Less -GOD News Other than Microsoft was first to discover the exploit, because otherwise microsoft wouldn Bollywood cve Listing Cve-2025-29824 as exploit in the wilder Level is achieved upon successful exploitation, but it'll be system, trust that that's the prize for all the other CLFS [Common Log File System] Elevation of Privilege Zero-Day Vulnerabilityes.
“Defenders Responsible Cve-2025-26663 to their to-do list. With no privileges required, no need for user interaction, and code execution presumable in the context of the ldap server itself, successful exloation Attacker. “
He added this further note of caution: “If you breath a sight of relieve when you see ldap server critical rce vulnerabilites like Cve-2025-26663Becuse you're certain that you don't have any windows ldap servers in your estate, how about ldap clients? Cve-2025-26670 describes a critical rce [Remote Code Execution] In the ldap client, although the faq confusing states that exploitation would require an attacker to 'send specially crafted requests to a vulnerable ldap server'; This seems like it might be a data entry error on the advisory faq, so keep an eye out for an update to that section of the advisory. “
The full list of cves released by microsoft for April 2025 can be found here,
The cves Encompass, According to Childs' Enumeration, Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Bitlocker, Kerberos, Windows Hello, Open, Windows, and Windows Lightweight Directory Access Protocol.