Microsoft Updates released today to plug at least 121 security holes Stretch Operating systems and software, including a vulnerability that is already being exploited in the wild. Eleven of those flaws earned the most dyer “significant” ratings of Microsoft, which means that malware or malcontents can exploit them to do no interaction with Windows users.
Seeing the exploitation is already a blame for zero-day Cve-2025-29824A local height of privilege bug in windows General log file system (CLFS) Driver. Microsoft gives it rate as “important” Chris goal From Ivanti It is said that risk-based priority warrants consider it important.
This CLFS component of Windows is no stranger to patch on Tuesday: as per tenable Satam NarangSince 2022, Microsoft has patched 32 CLFS weaknesses – an average of 10 – per year is exploited in the wild with six of them. Last CLFS Zero-Day Was patched in December 2024.
Narang noted that when allowed the attackers to install arbitrary codes, the overall patch is constantly kept on top of Tuesday features, the data is reversed for zero-day exploitation.
“Over the last two years, the height of the breath of privileges has led the pack and, so far, has been exploited more than half of the zero-day in 2025,” Narang wrote.
Rapid7 of Rapid7 Adam barnet Warns that anyone is responsible for Windows defenders Ldap server -It means a non-separated microsoft footprint with almost any organization. Patch For important faults Cve-2025-26663 For their two-two list.
“No privilege is required, no need for user interaction, and possibly code execution, successful exploitation would be an attractive shortcut for any attacker in the context of LDAP server,” Bharnet said. “Anyone is wondering if today December 2024 is again run patch Tuesday Some small consolation in the fact that the worst LDAP important RCES trio published at the end of last year It was easier to exploit than today’s example, as today’s CVE-2025-266663 requires an attacker to win a race position. Despite this, Microsoft still hopes that the possibility of exploitation is more. ,
Microsoft patched important updates this month have remote code execution defects Windows remote desktop Services (RDP), including Cve-2025-26671, Cve-2025-27480 And Cve-2025-27482Only the latter two have been “significantly” rated, and Microsoft has marked both as “exploitation more likely”.
Perhaps the most broad weaknesses fixed this month were in web browsers. Google chrome Update This week to fix 13 flaws, and Mozila firefox fixed Eight insectsProbably with more updates at the end of this week Microsoft Edge,
As this patch is done on Tuesday, Adobe Is 12 updates issued Solving 54 security holes in a range of products, including cold Fusion, Adobe commerce, Experience manager form, After effect, Media encoder, Bridge, Premier Pro, Photoshop, Chetan, AEM screenAnd frame maker,
Apple Users may also require patches. On 31 March, Apple released a huge security update (more than three gigabytes in size) to fix issues in a range of its products, including At least one zero-day defect,
And if you remember it, then on 31 March, 2025 Apple Issued A big batch of security updates For a wide range of products, from Mac OS till IOS Operating system on Iphone And ipads,
Earlier today, Microsoft called a note Windows 10 Security updates were not available, but will be released as soon as possible. It appears from browsing askwoody.com That this snack has been cured since then. Either way, if you run into complications that apply any of these updates, please leave a note about it in the comment below, because the possibility is good that someone else had the same problem.
As usual, please consider backuping your data and or equipment before updating, which makes the software update very less complicated to reduce the update. Today’s patch for more granting details on Tuesday, see Sans Internet Storm Center RoundupMicrosoft update guide for April 2025 Is here,
For more information about patch Tuesday, see right-up from Action1 And Automox,
