{"id":25829,"date":"2025-05-15T10:15:40","date_gmt":"2025-05-15T18:15:40","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2025\/05\/15\/news-19549\/"},"modified":"2025-05-15T10:15:40","modified_gmt":"2025-05-15T18:15:40","slug":"news-19549","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/05\/15\/news-19549\/","title":{"rendered":"Patch Tuesday, April 2025 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Wed, 09 Apr 2025 03:09:36 +0000<\/strong><\/p>\n

Microsoft<\/strong> today released updates to plug at least 121 security holes in its Windows<\/strong> operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.<\/p>\n

\"\"<\/p>\n

The zero-day flaw already seeing exploitation is CVE-2025-29824<\/a>, a local elevation of privilege bug in the Windows Common Log File System<\/strong> (CLFS) driver.\u00a0 Microsoft rates it as “important,” but as Chris Goettl<\/strong> from Ivanti<\/strong> points out, risk-based prioritization warrants treating it as critical.<\/p>\n

This CLFS component of Windows is no stranger to Patch Tuesday: According to Tenable’s Satnam Narang<\/strong>, since 2022 Microsoft has patched 32 CLFS vulnerabilities — averaging 10 per year — with six of them exploited in the wild. The last CLFS zero-day<\/a> was patched in December 2024<\/a>.<\/p>\n

Narang notes that while flaws allowing attackers to install arbitrary code are consistently top overall Patch Tuesday features, the data is reversed for zero-day exploitation.<\/p>\n

“For the past two years, elevation of privilege flaws have led the pack and, so far in 2025, account for over half of all zero-days exploited,” Narang wrote.<\/span><\/p>\n

Rapid7’s Adam Barnett<\/strong> warns that any Windows defenders responsible for an LDAP server<\/a> \u2014 which means almost any organization with a non-trivial Microsoft footprint \u2014 should add patching<\/span> for the critical flaw CVE-2025-26663<\/a>\u00a0to their to-do list.<\/p>\n

“With no privileges required, no need for user interaction, and code execution presumably in the context of the LDAP server itself, successful exploitation would be an attractive shortcut to any attacker,” Barnett said. “Anyone wondering if today is a re-run of December 2024 Patch<\/span>\u00a0Tuesday<\/span>\u00a0can take some small solace in the fact that the worst of the\u00a0trio of LDAP critical RCEs published at the end of last year<\/a>\u00a0was likely easier to exploit than today\u2019s example, since today\u2019s\u00a0CVE-2025-26663 requires that an attacker win a race condition. Despite that, Microsoft still expects that exploitation is more likely.”<\/p>\n

Among the critical updates Microsoft patched this month are remote code execution flaws in Windows Remote Desktop <\/strong>services\u00a0(RDP), including CVE-2025-26671<\/a>, CVE-2025-27480<\/a> and CVE-2025-27482<\/a>; only the latter two are rated “critical,” and Microsoft marked both of them as \u201cExploitation More Likely.”<\/p>\n

Perhaps the most widespread vulnerabilities fixed this month were in web browsers. Google Chrome<\/strong> updated<\/a> to fix 13 flaws this week, and Mozilla Firefox <\/strong>fixed eight bugs<\/a>, with possibly more updates coming later this week for Microsoft<\/strong> Edge<\/strong>.<\/p>\n

As it tends to do on Patch Tuesdays, Adobe<\/strong> has released 12 updates<\/a> resolving 54 security holes across a range of products, including ColdFusion<\/strong>, Adobe Commerce<\/strong>, Experience Manager Forms<\/strong>, After Effects<\/strong>, Media Encoder<\/strong>, Bridge<\/strong>,\u00a0Premiere Pro<\/strong>, Photoshop<\/strong>, Animate<\/strong>, AEM Screens<\/strong>, and FrameMaker<\/strong>.<\/p>\n

Apple<\/strong> users may need to patch as well. On March 31, Apple released a huge security update (more than three gigabytes in size) to fix issues in a range of their products, including at least one zero-day flaw<\/a>.<\/p>\n

And in case you missed it, on March 31, 2025 Apple<\/strong> released a rather large batch of security updates<\/a> for a wide range of their products, from macOS<\/strong> to the iOS<\/strong> operating systems on iPhones<\/strong> and iPads<\/strong>.<\/p>\n

Earlier today, Microsoft included a note saying Windows 10<\/strong> security updates weren’t available but would be released as soon as possible. It appears from browsing askwoody.com<\/a> that this snafu has since been rectified. Either way, if you run into complications applying any of these updates please leave a note about it in the comments below, because the chances are good that someone else had the same problem.<\/p>\n

As ever, please consider backing up your data and or devices prior to updating, which makes it far less complicated to undo a software update gone awry. For more granular details on today’s Patch Tuesday, check out the SANS Internet Storm Center’s roundup<\/a>. Microsoft’s update guide for April 2025 is here<\/a>.<\/p>\n

For more details on Patch Tuesday, check out the write-ups from Action1<\/a> and\u00a0Automox<\/a>.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Wed, 09 Apr 2025 03:09:36 +0000<\/strong><\/p>\n

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[17774,32482,32483,32484,32485,32486,32487,14947,16888,10516,20501,17220,17061,16936,10525,32488],"class_list":["post-25829","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-chris-goettl","tag-clfs","tag-common-log-file-system","tag-cve-2025-26671","tag-cve-2025-27480","tag-cve-2025-27482","tag-cve-2025-29824","tag-ivanti","tag-latest-warnings","tag-microsoft","tag-satnam-narang","tag-security-tools","tag-the-coming-storm","tag-time-to-patch","tag-windows","tag-windows-remote-desktop-services"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25829","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25829"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25829\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25829"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25829"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25829"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}