Security & Threat Updates – April 2025:

Share This Article

Microsoft addressed 126 Common Vulnerabilities and Exposures (CVE’s) this month with 1 marked as a zero-day vulnerability.  The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

• CVE-2025-29824 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • Vulnerability not publicly disclosed but actively being exploited in the wild.

Other Critical CVE’s:

• CVE-2025-26663/26670 – Windows (LDAP) Remote Code Execution Vulnerability
• CVE-2025-27480/27482 – Windows Remote Desktop Services Remote Code Execution Vulnerability
• CVE-2025-27752/29791 – Microsoft Excel Remote Code Execution Vulnerability
• CVE-2025-27745/27748/27749 – Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-27491 – Windows Hyper-V Remote Code Execution Vulnerability
• CVE-2025-29809 – Windows Kerberos Security Feature Bypass Vulnerability

3^rd Party Critical CVE’s:

Adobe Products:

• Adobe released 12 patches covering 54 CVE’s in Adobe AEM Forms, AEM Screens, After Effects, Animate, Bridge, Cold Fusion, Commerce, FrameMaker, Media Encoder, Photoshop, Premiere Pro, and XMP Toolkit SDK.
  • AEM Forms
  • AEM Screens
  • After Effects
  • Animate
  • Bridge
  • Cold Fusion
  • Commerce
  • FrameMaker
  • Media Encoder
  • Photoshop
  • Premiere Pro
  • XMP Toolkit SDK

Apple:

• Apple backports zero-day patches to older iPhones and Macs

Apache:

• Max severity RCE flaw discovered in widely used Apache Parquet

Firefox:

• Firefox Fixes Several Vulnerabilities in Firefox 137

Fortinet:

• Fortinet released security updates for several products

Google Chrome:

• Versions 135.0.7049.84/.85 were released for Windows & Apple and version 135.0.7049.84 for Linux on April 8^th .
• This update includes 2 Security Fixes.
• Chrome Release: April 8th 2025

Ivanti:

• Ivanti released an update to patch a critical remote code execution flaw in Connect Secure

SAP:

• SAP Released Security Updates for Multiple Products

WinRAR

• WinRAR patched a flaw that bypassed the Mark of the Web security warning

About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering

Software vulnerabilities are a leading cause of cyberattacks, with nearly one-third of breaches stemming from unpatched, known flaws.

Maintaining secure and up-to-date operating systems and applications is a complex, time-consuming task that often strains internal IT resources. Fortress SRM’s Vigilant Managed Cyber Hygiene with 24/7/365 U.S.-based Monitoring Service simplifies patch management by delivering automated, high-efficacy updates (97%+ success rate) for Microsoft and over 100 third-party applications. This includes critical security patches, OS upgrades, and key configuration updates—across all devices, on or off the network.

Our real-time reporting console offers full visibility into patch status and activity, helping organizations maintain a strong, proactive security posture.

Ready to strengthen your cyber hygiene?

Contact us at Contact Us | Fortress Security Risk Management (fortresssrm.com) to learn how Fortress SRM can help support and enhance your organization’s cybersecurity strategy.