Arctic Wolf Security Bulletin

Microsoft Patch Tuesday: April 2025

Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows, including one exploited vulnerability and four vulnerabilities that Microsoft has labeled as Critical. 

On April 8, 2025, Microsoft released its April 2025 security update, addressing 126 newly disclosed vulnerabilities. Arctic Wolf has highlighted five vulnerabilities affecting Microsoft Windows in this security bulletin, including one exploited vulnerability and four vulnerabilities that Microsoft has labeled as Critical. 

Vulnerabilities 

Vulnerability  CVSS  Description  Exploited? 
CVE-2025-29824  7.8  Windows Common Log File System Driver Elevation of Privilege Vulnerability – A local threat actor can exploit this vulnerability to gain SYSTEM privileges. Exploited to target organizations across multiple industries—including IT, real estate, finance, software, and retail—in the U.S., Venezuela, Spain, and Saudi Arabia. The activity is attributed to Storm-2460, which used the PipeMagic malware to deploy ransomware following post-compromise exploitation.  Yes
CVE-2025-26663 & CVE-2025-26670  8.1  Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability – An unauthenticated remote threat actor could send specially crafted requests to a vulnerable LDAP server, potentially triggering a use-after-free condition that could result in remote code execution. To successfully exploit the vulnerability, the threat actor must win a race condition. Although these two vulnerabilities are identical, they are tracked as separate CVEs.  No 
CVE-2025-27480 & CVE-2025-27482  8.1  Windows Remote Desktop Services Remote Code Execution Vulnerability – A remote threat actor can exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, causing a race condition that leads to a use-after-free scenario. This can then be used to execute arbitrary code. Successful exploitation depends on the threat actor’s ability to win the race condition.  No 

Recommendation 

Upgrade to Latest Fixed Versions

Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions. 

  • Note: Microsoft has stated that the security updates for Windows 10 x64-based systems and Windows 10 32-bit systems are not yet available. These updates will be released as soon as possible, and customers will be notified through a revision to the CVE page once they become available.

Product  CVE  Update Article 
Windows 10 for 32-bit Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  Update Pending 
Windows 10 for x64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  Update Pending 
Windows 10 Version 1607 for 32-bit, and x64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055521 
Windows 10 Version 1809 for 32-bit, and x64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055519 
Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055518 
Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055518 
Windows 11 Version 22H2 for x64-based, and ARM64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055528 
Windows 11 Version 23H2 for x64-based, and ARM64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055528 
Windows 11 Version 24H2 for x64-based, and ARM64-based Systems  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055523 
Windows Server 2008 for 32-bit, and x64-based Systems Service Pack 2  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055609, 5055596 
Windows Server 2008 R2 for x64-based Systems Service Pack 1  CVE-2025-26663, CVE-2025-26670, CVE-2025-29824  5055561, 5055570 
Windows Server 2012  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-29824  5055581 
Windows Server 2012 R2  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-29824  5055557 
Windows Server 2016  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824  5055521 
Windows Server 2019  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824  5055519 
Windows Server 2022  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824  5055526 
Windows Server 2022, 23H2 Edition  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824  5055527 
Windows Server 2025  CVE-2025-26663, CVE-2025-26670, CVE-2025-27480, CVE-2025-27482, CVE-2025-29824  5055523 

 

Please follow your organization’s patching and testing guidelines to minimize potential operational impact. 
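
One way to apply the table above across a fleet, as an added example that is not Arctic Wolf's or Microsoft's code: it checks a constructed inventory export against the listed KB articles and reports which of the five CVEs remain open on each host. Product names are shortened from the table; the host records, the `rd-gateway` role label and the status strings are assumptions.

```python
# Added example: CVE and KB values are copied from the bulletin's table above;
# host records, role labels and status names are constructed for illustration.
CLFS = "CVE-2025-29824"                       # the one marked exploited
LDAP = ("CVE-2025-26663", "CVE-2025-26670")
RDG = ("CVE-2025-27480", "CVE-2025-27482")    # need the Remote Desktop Gateway role
BASE = LDAP + (CLFS,)
# product -> (CVEs listed, KB articles listed); an empty tuple means "Update Pending"
BULLETIN = {
    "Windows 10 for 32-bit Systems": (BASE, ()),
    "Windows 10 for x64-based Systems": (BASE, ()),
    "Windows 10 Version 1607": (BASE, ("5055521",)),
    "Windows 10 Version 1809": (BASE, ("5055519",)),
    "Windows 10 Version 21H2": (BASE, ("5055518",)),
    "Windows 10 Version 22H2": (BASE, ("5055518",)),
    "Windows 11 Version 22H2": (BASE, ("5055528",)),
    "Windows 11 Version 23H2": (BASE, ("5055528",)),
    "Windows 11 Version 24H2": (BASE, ("5055523",)),
    "Windows Server 2008 SP2": (BASE, ("5055609", "5055596")),
    "Windows Server 2008 R2 SP1": (BASE, ("5055561", "5055570")),
    "Windows Server 2012": (BASE + RDG[:1], ("5055581",)),
    "Windows Server 2012 R2": (BASE + RDG[:1], ("5055557",)),
    "Windows Server 2016": (BASE + RDG, ("5055521",)),
    "Windows Server 2019": (BASE + RDG, ("5055519",)),
    "Windows Server 2022": (BASE + RDG, ("5055526",)),
    "Windows Server 2022, 23H2 Edition": (BASE + RDG, ("5055527",)),
    "Windows Server 2025": (BASE + RDG, ("5055523",)),
}

def triage(host):
    """Return (status, open_cves) for one inventory record."""
    if host["product"] not in BULLETIN:
        return "not-in-bulletin", []
    cves, kbs = BULLETIN[host["product"]]
    # The RDS CVEs are reached through the RD Gateway role, so skip them elsewhere.
    relevant = [c for c in cves if c not in RDG or "rd-gateway" in host["roles"]]
    if not kbs:
        return "update-pending", relevant     # no fix published yet per the bulletin
    # Assumption: any one listed KB is enough to count the host as patched.
    if set(kbs) & set(host["kbs"]):
        return "patched", []
    return "missing-update", relevant

HOSTS = [  # constructed inventory export
    {"name": "rdgw01", "product": "Windows Server 2019", "kbs": [], "roles": ["rd-gateway"]},
    {"name": "fs01", "product": "Windows Server 2022", "kbs": ["5055526"], "roles": []},
    {"name": "kiosk7", "product": "Windows 10 for x64-based Systems", "kbs": [], "roles": []},
]
REPORT = {h["name"]: triage(h) for h in HOSTS}
print(REPORT)
```

A later cumulative update can replace the April KB in an inventory listing, so confirm a `missing-update` result against the host's installed update history before escalating.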
