Patch Tuesday has arrived with a wave of updates from Microsoft. This month the company flags one flaw under active exploitation alongside 11 critical issues in its software. Microsoft has shipped fixes for more than 120 vulnerabilities in total, none of them with a CVSS score of 9.0 or higher.
The vulnerability that most needs immediate attention is CVE-2025-29824, an elevation of privilege (EoP) flaw in the Windows Common Log File System (CLFS) driver. It is already being exploited by a group Microsoft tracks as Storm-2460, which uses the PipeMagic malware to deploy the exploit and then ransomware. Victims have been reported in several countries, including the United States, Spain, Venezuela, and Saudi Arabia.
Rated CVSS 7.8, the bug is a use-after-free in the driver that lets an attacker who already has code running on the machine elevate to SYSTEM, so it is chained after an initial foothold rather than used for entry. It affects all supported versions of Windows Server up to Server 2025, as well as Windows 10 and Windows 11. Windows Server and Windows 11 have patches available; Windows 10 users must wait, and Microsoft has said a fix will be released as soon as possible.
Windows 10 appears to be missing from several of this month's patches, which is concerning as the operating system nears its end of life. We have asked Microsoft for the release dates and the reasons for the delay. All 11 of this month's critical vulnerabilities could allow remote code execution (RCE). Three are in Office, and two each affect Excel, LDAP, and Remote Desktop.
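As an added example (not from the article or from Microsoft), here is a PowerShell check an administrator could run on each host to confirm that the cumulative update fixing CVE-2025-29824 is present. It assumes you take the KB identifier and the minimum Update Build Revision (UBR) for your exact OS build from the MSRC release notes, since neither value appears on this page; the driver path and the Windows 10 build range are those used by Windows itself.

```powershell
# Added example: report whether this host carries the cumulative update that fixes
# CVE-2025-29824. The KB identifier and minimum UBR are NOT on this page; read them
# from the MSRC release notes for your exact build and pass them in as parameters.
function Test-ClfsPatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ExpectedKB,   # e.g. 'KB0000000' (placeholder format)
        [Parameter(Mandatory)] [int]    $MinimumUBR    # UBR that the fixed LCU sets for this build
    )

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuildNumber
    $ubr   = [int]$cv.UBR                     # revision part of the full build, e.g. 26100.xxxx

    # Once installed (and after the reboot) the LCU is listed in Win32_QuickFixEngineering.
    $kbPresent = [bool](Get-HotFix -Id $ExpectedKB -ErrorAction SilentlyContinue)

    # clfs.sys's own version is informational: its last part is the UBR of the LCU that
    # last touched the driver, which may lag the OS UBR on a fully patched machine, so
    # the verdict below is based on the OS UBR and the KB, not on the driver version.
    $fi = (Get-Item "$env:SystemRoot\System32\drivers\clfs.sys").VersionInfo
    $clfsVersion = [version]::new($fi.FileMajorPart, $fi.FileMinorPart, $fi.FileBuildPart, $fi.FilePrivatePart)

    # ProductName in the registry still says "Windows 10" on Windows 11, so classify
    # by build number: Windows 10 is 10240 (1507) through 19045 (22H2); 22000+ is Windows 11.
    $isWindows10 = ($build -ge 10240) -and ($build -lt 22000)
    $note = ''
    if ($isWindows10 -and -not $kbPresent) {
        $note = 'Windows 10: verify the fix has actually shipped for this build before treating this as a failure'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Product        = $cv.ProductName
        DisplayVersion = $cv.DisplayVersion
        OSBuild        = "$build.$ubr"
        ClfsVersion    = $clfsVersion.ToString()
        KBInstalled    = $kbPresent
        UBRAtOrAbove   = ($ubr -ge $MinimumUBR)
        Patched        = $kbPresent -and ($ubr -ge $MinimumUBR)
        Note           = $note
    }
}

# Usage (substitute the KB and UBR from MSRC for your build; these are placeholders):
#   Test-ClfsPatchState -ExpectedKB 'KB0000000' -MinimumUBR 0 | Format-List
```

Run it through `Invoke-Command` against a list of servers to get one object per host; anything with `Patched = False` and an empty `Note` is a machine that should have the update and does not.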
Trend Micro's Zero Day Initiative (ZDI) singles out CVE-2025-29809, a Windows Kerberos flaw, among the most serious of the batch. ZDI's Dustin Childs noted that it is one of several security feature bypass (SFB) bugs fixed this month, but that this one needs extra remediation steps: a local attacker could exploit it to leak Kerberos credentials.
If your organization uses virtualization-based security (VBS), read the accompanying documentation and redeploy with the updated policy; installing the update alone does not complete the fix. CVE-2025-26663 and CVE-2025-26670 are RCE vulnerabilities in Windows LDAP. Childs stressed that these bugs are wormable, although exploiting them requires winning a race condition. Do not rely on network perimeter defenses alone: test and deploy the updates quickly, unless you run Windows 10, for which the patches are not yet available.
The Remote Desktop RCE flaws, CVE-2025-27480 and CVE-2025-27482, are also wormable. Since Remote Desktop services are frequently exposed to the public internet, apply these patches as soon as possible or, failing that, restrict access to trusted networks or IP addresses.
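As an added example (not from the article, ZDI or Microsoft) of the "restrict access" advice for the Remote Desktop and LDAP bugs above, the following PowerShell shows where those services are listening on a host, which enabled inbound firewall rules admit any remote address to them, and how to scope the built-in Remote Desktop rule group to trusted ranges. The port list and the trusted ranges in the usage comment are assumptions for the example; the `@FirewallAPI.dll,-28752` group identifier is the one Windows uses for its Remote Desktop rules.

```powershell
# Added example: audit exposure of this month's wormable services and re-scope RDP.
# Ports: LDAP/LDAPS (389, 636), Global Catalog (3268, 3269), RDP (3389) and the
# Remote Desktop Gateway UDP transport (3391). RD Gateway's HTTPS transport shares
# 443 with everything else, so it is not listed here. This list is an assumption.
$WatchedPorts = 389, 636, 3268, 3269, 3389, 3391

function Get-WatchedListeners {
    param([int[]] $Ports = $WatchedPorts)
    # What is actually bound on this host, with the owning process, so an unexpected
    # listener (RDP on a box that should be console-only, say) stands out.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Ports -contains $_.LocalPort } |
        Select-Object LocalAddress, LocalPort, OwningProcess,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
}

function Get-WideOpenInboundRules {
    param([int[]] $Ports = $WatchedPorts)
    # Enabled inbound allow rules whose port filter names a watched port and whose
    # address filter is 'Any'. Port ranges such as '3389-3390' are not expanded here.
    # One CIM call per rule, so expect this to take a while on rule-heavy hosts.
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        $localPorts = @($portFilter.LocalPort | ForEach-Object { [string] $_ })
        $hit = $Ports | Where-Object { $localPorts -contains [string] $_ }
        if ($hit -and ($addrFilter.RemoteAddress -contains 'Any')) {
            [pscustomobject]@{
                Name          = $rule.DisplayName
                Group         = $rule.DisplayGroup
                Profile       = $rule.Profile
                LocalPort     = ($hit -join ',')
                RemoteAddress = ($addrFilter.RemoteAddress -join ',')
            }
        }
    }
}

function Set-RemoteDesktopRuleScope {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $TrustedRanges)
    # Re-scope the built-in 'Remote Desktop' rule group (TCP, UDP and shadow rules) so
    # only the given addresses/CIDR ranges match. '@FirewallAPI.dll,-28752' is the
    # locale-independent group id behind the English display name 'Remote Desktop'.
    # Run this from a console or out-of-band session: an RDP session coming from
    # outside the trusted ranges is cut off the moment the rules change.
    $rules = Get-NetFirewallRule -Group '@FirewallAPI.dll,-28752' -Direction Inbound
    foreach ($rule in $rules) {
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, "Set RemoteAddress to $($TrustedRanges -join ',')")) {
            $rule | Set-NetFirewallRule -RemoteAddress $TrustedRanges
        }
    }
}

# Usage (the ranges are constructed examples, not real network data):
#   Get-WatchedListeners | Format-Table
#   Get-WideOpenInboundRules | Format-Table
#   Set-RemoteDesktopRuleScope -TrustedRanges '10.0.0.0/8', '192.168.50.0/24' -WhatIf
```

The LDAP ports are audited but deliberately not re-scoped: on a domain controller every domain member legitimately talks LDAP, so the fix there is the patch, not a host firewall rule. Drop `-WhatIf` only after the listing matches what you expect.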
Adobe, meanwhile, has released more than 50 fixes this month across ColdFusion, After Effects, Media Encoder, Bridge, Commerce, AEM Forms, Premiere Pro, Photoshop, Animate, AEM Screens, FrameMaker, and the Adobe XMP Toolkit SDK. Adobe rates the ColdFusion vulnerabilities critical and important and urges users to prioritize those updates, even though no active exploitation has been detected.
AMD has also updated several earlier advisories, covering CVE-2024-21969 (uninitialized GPU register access), CVE-2024-0179 and CVE-2024-21925 (SMM vulnerabilities), and CVE-2024-56161 (an SEV confidential computing vulnerability). Users of affected products should review the advisories for the additional mitigations and information.
Whatever your platform, review this month's updates and apply them promptly; the actively exploited CLFS bug and the wormable LDAP and Remote Desktop flaws belong at the top of the list.