
Windows zero-day vulnerability fixed in April Patch Tuesday


Microsoft's April Patch Tuesday brought fixes for 121 vulnerabilities, 11 rated critical and the rest important. One of them is a Windows zero-day that is already being exploited in the wild and should be patched first. Beyond that, three other vulnerabilities need manual follow-up from admins after the update is installed, because on those the patch alone does not fully close the hole.

The most urgent vulnerability this month is a Windows Common Log File System (CLFS) driver elevation-of-privilege flaw (CVE-2025-29824), rated important with a CVSS score of 7.8. It affects most supported Windows Server and desktop versions and lets an attacker who already has local access to a machine escalate to full system privileges. Because it is a local privilege escalation, it is a post-compromise step rather than an initial entry point, but it is exactly the step that turns a low-privileged foothold into control of the host. The ransomware group Storm-2460 has been exploiting it to deploy its malware and take over machines at targets in the U.S., Venezuela, Spain, and Saudi Arabia.

In addition to the zero-day, three other vulnerabilities require work beyond installing the update. The first is a Windows Kerberos elevation-of-privilege vulnerability (CVE-2025-26647) affecting Windows Server systems. An attacker with network access can use it to escalate privileges, and the patch by itself is not sufficient: Microsoft's accompanying guidance lays out additional steps admins must complete after installing it, and until those are done the flaw remains open.

Another fix that needs manual action is a Windows NTFS information disclosure flaw, rated important with a CVSS score of 6.5, affecting Windows Server and desktop systems. The bug can let an unauthorized user learn file paths they should not be able to see. Microsoft shipped the correction disabled by default to avoid application compatibility problems, so installing the update does not turn it on; admins must make the registry change described in Microsoft's instructions, and should test it against applications that enumerate file paths before rolling it out broadly.
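For both the Kerberos and NTFS items, "installed" is not the same as "protected": the cumulative update has to be present and the opt-in value from Microsoft's KB guidance has to be set. The PowerShell below is an added example for auditing one host for that two-part state; it is not from the article and not Microsoft's own tooling. The KB number, registry path, value name and expected value it uses are placeholders and must be replaced with the ones in the relevant Microsoft KB article for the CVE you are handling.

```powershell
# Added example, not from the article or from Microsoft. Checks that a given
# cumulative update is installed AND that the registry opt-in the KB article
# describes is set, then reports a single Protected flag. All identifiers used
# in the usage section (KB number, registry path, value name, expected value)
# are placeholders; take the real ones from the Microsoft KB for the CVE.

function Test-PatchAndOptIn {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $KbId,          # e.g. 'KB0000000' (placeholder)
        [Parameter(Mandatory)] [string] $RegistryPath,  # key the KB tells you to edit (placeholder)
        [Parameter(Mandatory)] [string] $ValueName,     # DWORD value name from the KB (placeholder)
        [Parameter(Mandatory)] [int]    $ExpectedValue  # value the KB calls "enabled" or "enforced"
    )

    # 1. Is the cumulative update that carries the fix installed on this host?
    $hotfix  = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    $patched = [bool]$hotfix
    $installedOn = if ($patched) { $hotfix.InstalledOn } else { $null }

    # 2. Does the opt-in value exist, and does it match the expected state?
    $current = $null
    if (Test-Path -Path $RegistryPath) {
        $item = Get-ItemProperty -Path $RegistryPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = [int]$item.$ValueName }
    }
    $optIn = ($null -ne $current) -and ($current -eq $ExpectedValue)

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        KbId           = $KbId
        PatchInstalled = $patched
        InstalledOn    = $installedOn
        ValueName      = $ValueName
        CurrentValue   = $current        # $null means the value is absent
        OptInActive    = $optIn
        Protected      = $patched -and $optIn   # both parts are required
    }
}

function Enable-OptIn {
    # Creates the key if needed and writes the DWORD. Supports -WhatIf so the
    # change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $RegistryPath,
        [Parameter(Mandatory)] [string] $ValueName,
        [Parameter(Mandatory)] [int]    $Value
    )
    if ($PSCmdlet.ShouldProcess("$RegistryPath\$ValueName", "Set DWORD to $Value")) {
        if (-not (Test-Path -Path $RegistryPath)) {
            New-Item -Path $RegistryPath -Force | Out-Null
        }
        New-ItemProperty -Path $RegistryPath -Name $ValueName -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }
}

# Usage. Every value below is a placeholder; substitute the ones from the KB.
$params = @{
    KbId          = 'KB0000000'
    RegistryPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ExampleService'
    ValueName     = 'ExampleMitigationSwitch'
    ExpectedValue = 1
}
$state = Test-PatchAndOptIn @params
$state | Format-List

# Only flip the switch once the update is confirmed present; preview with -WhatIf first.
if ($state.PatchInstalled -and -not $state.OptInActive) {
    Enable-OptIn -RegistryPath $params.RegistryPath -ValueName $params.ValueName `
        -Value $params.ExpectedValue -WhatIf
}
```

The order matters: setting the opt-in value on a host that has not yet received the update does nothing useful, and reporting PatchInstalled alone would wrongly count unconfigured hosts as fixed. To audit a fleet, run Test-PatchAndOptIn inside Invoke-Command against the server list and filter on Protected -eq $false.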

Separately, Microsoft has delayed its plan to stop synchronizing driver updates to Windows Server Update Services (WSUS) servers, after feedback from customers with disconnected device scenarios. WSUS driver synchronization remains deprecated, but Microsoft will continue to support it for now and recommends evaluating Microsoft Intune and Windows Autopatch as longer-term options for driver management.

Administrators should install the April update promptly, prioritizing the actively exploited CLFS flaw, and then complete the manual steps for the Kerberos and NTFS fixes, since on those the update alone does not close the hole. Patching on a regular cadence and verifying that mitigations are actually enabled, not just installed, is what keeps these Windows environments protected as new flaws keep appearing.
