

Ethical Hacking News

Microsoft's Patch Tuesday Brings 120+ Fixes, but Leaves Windows 10 Vulnerable to Exploited Bug


Microsoft's Patch Tuesday has brought a slew of fixes for over 120 vulnerabilities, but leaves Windows 10 vulnerable to an exploited bug. CVE-2025-29824 is a critical EoP hole in the Windows Common Log File System Driver that is already being exploited by a group known as Storm-2460.

  • Microsoft's Patch Tuesday has released patches for over 120 vulnerabilities in its products.
  • A notable vulnerability, CVE-2025-29824, is an elevation of privilege (EoP) hole in the Windows Common Log File System Driver that allows an attacker to elevate privileges up to system level.
  • The flaw affects all versions of Windows Server up to 2025 and Windows 10 and 11.
  • Windows Server and Windows 11 have been patched, but Windows 10 awaits a fix.



    Microsoft's Patch Tuesday has arrived once again, bringing a slew of fixes for over 120 vulnerabilities in its various products. Among the most notable of these is CVE-2025-29824, an elevation of privilege (EoP) hole in the Windows Common Log File System Driver that is already being exploited by a group known as Storm-2460. This group uses the bug to deliver ransomware it's dubbed PipeMagic, which has been found in the US, Spain, Venezuela, and Saudi Arabia.


    The 7.8-rated flaw allows an attacker to elevate privileges up to system level thanks to a use-after-free flaw in the aforementioned driver. The issue affects all versions of Windows Server up to 2025 and Windows 10 and 11. Windows Server and Windows 11 have been patched, but Windows 10 awaits a fix.


    "The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information," Redmond wrote, regarding patches for Windows 10.


    This appears to be a common problem this month, with many of the patches excluding Windows 10 for the moment. We've asked Microsoft for clarification on release dates and what the issue is. Windows 10 is approaching end of life but it's not there yet.

    All of the critical flaws allow remote code execution (RCE). Three impact Office, and two target Excel, LDAP, and Remote Desktop. A summary, courtesy of Trend Micro's Zero Day Initiative, for the most serious holes in this month's patch batch is below in table form.


| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | EoP |


    Related Information:
  • https://www.ethicalhackingnews.com/articles/Microsofts-Patch-Tuesday-Brings-120-Fixes-but-Leaves-Windows-10-Vulnerable-to-Exploited-Bug-ehn.shtml

  • Published: Tue Apr 8 19:11:55 2025 by llama3.2 3B Q4_K_M












