Security & Threat Updates – April 2025:

Share This Article

Microsoft addressed 126 Common Vulnerabilities and Exposures (CVE’s) this month with 1 marked as a zero-day vulnerability.  The most critical Common Vulnerabilities and Exposures (CVE’s) are noted below:

Microsoft Vulnerabilities:

Windows Zero-Days:

• CVE-2025-29824 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • Vulnerability not publicly disclosed but actively being exploited in the wild.

Other Critical CVE’s:

• CVE-2025-26663/26670 – Windows (LDAP) Remote Code Execution Vulnerability
• CVE-2025-27480/27482 – Windows Remote Desktop Services Remote Code Execution Vulnerability
• CVE-2025-27752/29791 – Microsoft Excel Remote Code Execution Vulnerability
• CVE-2025-27745/27748/27749 – Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-27491 – Windows Hyper-V Remote Code Execution Vulnerability
• CVE-2025-29809 – Windows Kerberos Security Feature Bypass Vulnerability

3^rd Party Critical CVE’s:

Adobe Products:

• Adobe released 12 patches covering 54 CVE’s in Adobe AEM Forms, AEM Screens, After Effects, Animate, Bridge, Cold Fusion, Commerce, FrameMaker, Media Encoder, Photoshop, Premiere Pro, and XMP Toolkit SDK.
  • AEM Forms
  • AEM Screens
  • After Effects
  • Animate
  • Bridge
  • Cold Fusion
  • Commerce
  • FrameMaker
  • Media Encoder
  • Photoshop
  • Premiere Pro
  • XMP Toolkit SDK

Apple:

• Apple backports zero-day patches to older iPhones and Macs

Apache:

• Max severity RCE flaw discovered in widely used Apache Parquet

Firefox:

• Firefox Fixes Several Vulnerabilities in Firefox 137

Fortinet:

• Fortinet released security updates for several products

Google Chrome:

• Versions 135.0.7049.84/.85 were released for Windows & Apple and version 135.0.7049.84 for Linux on April 8^th .
• This update includes 2 Security Fixes.
• Chrome Release: April 8th 2025

Ivanti:

• Ivanti released an update to patch a critical remote code execution flaw in Connect Secure

SAP:

• SAP Released Security Updates for Multiple Products

WinRAR

• WinRAR patched a flaw that bypassed the Mark of the Web security warning

About FortressSRM Cyber Hygiene Offering:

Software vulnerabilities are one of the top cyber-attack vectors and one in three breaches are the result of vulnerabilities that were known about and should have been already patched. 

Keeping operating systems and application software patched and secure is time consuming and tedious – an internal IT resource nightmare. Fortress SRM’s Guardian Managed Patching with Monitoring Service delivers automated, high-efficacy (97%+) updates to Microsoft and over 80 third-party software, ensuring efficient patch deployment to every device, whether on or off network. This includes the deployment of critical updates, security updates, feature updates, operating system upgrades, key Windows security setting and configurations. 

The Fortress SRM real-time reporting console includes current patch levels of devices and gives the Client total visibility into what patch related activities have been performed, while real-time patch monitoring provides deep insight into approved, unapproved, pending, and failed patching efforts.

Ready to start the Cyber Hygiene journey? Contact us at: Contact Us | Fortress Security Risk Management (fortresssrm.com)