Today marks Microsoft’s Patch Tuesday for April 2025, addressing a total of 126 vulnerabilities. This is in addition to nine vulnerabilities that were resolved in Microsoft Edge earlier this month.

Among these, there are four significant unauthenticated remote code execution vulnerabilities and one notable local privilege escalation vulnerability. One of these vulnerabilities is currently being exploited, while the others have been rated as “Exploitation More Likely” by Microsoft. Detailed information about these vulnerabilities is provided below.

Notable Patch Tuesday Vulnerabilities

CVE-2025-29824

This use-after-free vulnerability in the Windows Common Log File System Driver can allow an authorized attacker to elevate privileges locally. It is actively being exploited.

CVE-2025-26663

This vulnerability involves a use-after-free condition that can be triggered by sending specially crafted requests to a vulnerable LDAP server, potentially allowing remote code execution.

CVE-2025-26670

Similar to CVE-2025-26663, this use-after-free vulnerability can be exploited through a race condition by sending specially crafted requests to a vulnerable LDAP server, leading to possible remote code execution.

CVE-2025-27480

This vulnerability can be exploited by causing a race condition when connecting to a system with the Remote Desktop Gateway role, potentially allowing remote code execution.

CVE-2025-27482

Similar to CVE-2025-27480, this use-after-free vulnerability can be exploited through a race condition when connecting to a system with the Remote Desktop Gateway role, potentially leading to remote code execution.

For more detailed information, please refer to the release notes.

Need help addressing the above in your own organization? Speak to an Outpost24 expert.