Ethical Hacking News
Microsoft has released 125 security patches to address critical vulnerabilities affecting its software products. The latest update includes one vulnerability that has been actively exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog. The patch release highlights the ongoing cybersecurity battle between attackers and defenders and emphasizes the importance of timely and effective patching.
Microsoft has released a massive set of security patches to address 125 flaws in its software products. 11 vulnerabilities are rated Critical, while 112 are rated Important and two are rated Low in severity. The most concerning vulnerability is the elevation of privilege (EoP) flaw impacting Windows CLFS Driver (CVE-2025-29824), which has been actively exploited in the wild since 2022. No patch has been released for Windows 10 32-bit or 64-bit systems, leaving a critical gap in defense for a wide portion of the Windows ecosystem. The vulnerability allows an attacker to elevate privileges locally without administrative privileges, making it highly severe. Microsoft has also released patches for other notable vulnerabilities, including security feature bypass and remote code execution flaws.
Microsoft has recently released a massive set of security patches to address 125 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. This latest update is part of Microsoft's ongoing effort to strengthen its software and protect its customers from various types of cyber threats.
According to the data, among these vulnerabilities, 11 are rated Critical, while 112 are rated Important, and two are rated Low in severity. Furthermore, forty-nine of these vulnerabilities are classified as privilege escalation, 34 as remote code execution, 16 as information disclosure, and 14 as denial-of-service (DoS) bugs.
One particularly concerning vulnerability is the elevation of privilege (EoP) flaw impacting the Windows Common Log File System (CLFS) Driver (CVE-2025-29824, CVSS score: 7.8). This vulnerability stems from a use-after-free scenario, allowing an authorized attacker to elevate privileges locally. It's worth noting that this is not the first time such an EoP vulnerability has been discovered in the same component, which has been exploited in the wild since 2022.
The fact that this vulnerability has been actively exploited by attackers highlights the importance of timely and effective patching. In this case, Microsoft has confirmed active exploitation in the wild, yet at this time, no patch has been released for Windows 10 32-bit or 64-bit systems, leaving a critical gap in defense for a wide portion of the Windows ecosystem.
Ben McCarthy, lead cyber security engineer at Immersive, noted that "under certain memory manipulation conditions, a use-after-free can be triggered, which an attacker can exploit to execute code at the highest privilege level in Windows. Importantly, the attacker does not need administrative privileges to exploit the vulnerability – only local access is required." This emphasizes the potential severity of this vulnerability and the importance of prompt action.
In addition to addressing this critical EoP vulnerability, Microsoft has also released patches for other notable vulnerabilities, including security feature bypass (SFB) flaws affecting Windows Kerberos (CVE-2025-29809), remote code execution flaws in Windows Remote Desktop Services (CVE-2025-27480, CVE-2025-27482), and Windows Lightweight Directory Access Protocol (CVE-2025-26663, CVE-2025-26670).
Furthermore, multiple Critical-severity remote code execution flaws have been addressed in Microsoft Office and Excel (CVE-2025-29791, CVE-2025-27749, CVE-2025-27748, CVE-2025-27745, and CVE-2025-27752), which could be exploited by a bad actor using a specially crafted Excel document, resulting in full system control.
Capping off the list of Critical flaws are two remote code execution vulnerabilities impacting Windows TCP/IP (CVE-2025-26686) and Windows Hyper-V (CVE-2025-27491) that could allow an attacker to execute code over a network under certain conditions.
In response to this latest patch release, Mike Walters, president and co-founder of Action1, stated that "the vulnerability permits privilege escalation to the SYSTEM level, thereby giving an attacker the ability to install malicious software, modify system settings, tamper with security features, access sensitive data, and maintain persistent access." He also noted that the lack of a patch for Windows 10 32-bit or 64-bit systems is concerning.
Satnam Narang, senior staff research engineer at Tenable, pointed out that "from an attacker's perspective, post-compromise activity requires obtaining requisite privileges to conduct follow-on activity on a compromised system, such as lateral movement." He added that elevation of privilege bugs are typically popular in targeted attacks. However, elevation of privilege flaws in CLFS have become especially popular among ransomware operators over the years.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also taken notice of this vulnerability, adding it to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fix by April 29, 2025.
Overall, this latest patch release from Microsoft highlights the importance of keeping software up-to-date and addressing potential vulnerabilities in a timely manner. It also underscores the ongoing cybersecurity battle between attackers and defenders, where both sides must stay vigilant and proactive to outmaneuver each other.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Ongoing-Cybersecurity-Battle-Microsoft-Addresses-125-Critical-Vulnerabilities-ehn.shtml
Published: Thu Apr 10 04:40:50 2025 by llama3.2 3B Q4_K_M
