Microsoft has rolled out critical security updates to address 126 vulnerabilities across its software products. Among these, one vulnerability is actively being exploited, making it a top priority for users to update their systems.
Breakdown of the Latest Microsoft Security Fixes
Microsoft’s latest patch includes 126 vulnerabilities, categorized as follows:
- 11 Critical vulnerabilities
- 112 Important vulnerabilities
- 2 Low-severity vulnerabilities
The most concerning vulnerabilities include those that allow privilege escalation (49 vulnerabilities), remote code execution (34 vulnerabilities), information disclosure (16), and denial-of-service (DoS) attacks (14). These updates also fix 22 flaws in Microsoft’s Chromium-based Edge browser from last month’s Patch Tuesday.
Focus on Actively Exploited Windows CLFS Vulnerability
One of the most critical vulnerabilities addressed is in the Windows Common Log File System (CLFS) Driver (CVE-2025-29824). This flaw, rated with a CVSS score of 7.8, allows unauthorized attackers to elevate their privileges on a system through a use-after-free scenario. This flaw has been actively exploited in the wild and is the sixth such vulnerability in the same component discovered since 2022.
The Severity and Risks of Privilege Escalation Flaws
Elevations of privilege (EoP) flaws are especially dangerous as they enable attackers to gain higher system access levels. In the case of CVE-2025-29824, attackers can escalate privileges to the SYSTEM level, giving them the ability to:
- Install malicious software
- Modify system settings
- Tamper with security features
- Access sensitive data
- Maintain persistent access
Active Exploitation Linked to Ransomware Attacks
This vulnerability has been linked to ransomware attacks targeting a small number of systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to the Known Exploited Vulnerabilities (KEV) catalog, which mandates federal agencies to apply the necessary fix by April 29, 2025.
Critical Remote Code Execution Vulnerabilities
In addition to the CLFS vulnerability, Microsoft has also addressed several remote code execution flaws, including:
- Windows Kerberos (CVE-2025-29809)
- Windows Remote Desktop Services (CVE-2025-27480, CVE-2025-27482)
- Windows Lightweight Directory Access Protocol (CVE-2025-26663, CVE-2025-26670)
These vulnerabilities could allow attackers to execute code remotely, resulting in full system control.
Notable Office and TCP/IP Vulnerabilities
Another set of critical vulnerabilities that have been fixed affect Microsoft Office and Excel. These flaws (CVE-2025-29791, CVE-2025-27749, CVE-2025-27748, CVE-2025-27745, CVE-2025-27752) could allow attackers to gain system control using specially crafted Excel documents.
Additionally, Windows TCP/IP (CVE-2025-26686) and Windows Hyper-V (CVE-2025-27491) vulnerabilities were addressed, both of which could allow code execution over a network.
Windows 10 Systems Still Awaiting Patches
It is important to note that some vulnerabilities, particularly those affecting Windows 10, have not yet received patches. Microsoft has confirmed that updates for these issues will be released as soon as possible and users will be notified when they become available.
Security Patches from Other Vendors
In addition to Microsoft’s updates, several other vendors have also released security patches for vulnerabilities across their products, including:
- Adobe
- Apple
- Amazon Web Services
- Cisco
- HP
- Lenovo
- Mozilla
- SAP
- Zoom
These updates are essential for securing systems across a range of industries and platforms.
It is crucial for all Windows users, especially those on systems vulnerable to the Windows CLFS issue, to apply the latest security patches immediately. By staying up-to-date, you can protect your systems from active threats and avoid falling victim to potential ransomware attacks.
