Khẩn trương cập nhật bản vá Microsoft Patch Tuesday Tháng 4/2025

WhiteHat Team

WhiteHat Team

Administrators
Thành viên BQT
09/04/2020
94
744 bài viết
Khẩn trương cập nhật bản vá Microsoft Patch Tuesday Tháng 4/2025
WhiteHat Team
Microsoft đã phát hành bản vá Patch Tuesday tháng 4/2025, bao gồm các bản cập nhật bảo mật cho 134 lỗ hổng, trong đó có một lỗ hổng zero-day đang bị khai thác tích cực.

Bold Red Gaming Livestream YouTube Thumbnail (4) (1).png

Trong bản vá Patch Tuesday lần này, Microsoft cũng đã sửa 11 lỗ hổng được đánh giá là “Nghiêm trọng” (Critical), tất cả đều là các lỗ hổng thực thi mã từ xa (Remote Code Execution).
  • 49 lỗ hổng leo thang đặc quyền (Elevation of Privilege)
  • 9 lỗ hổng bỏ qua tính năng bảo mật (Security Feature Bypass)
  • 31 lỗ hổng thực thi mã từ xa (Remote Code Execution)
  • 17 lỗ hổng rò rỉ thông tin (Information Disclosure)
  • 14 lỗ hổng từ chối dịch vụ (Denial of Service)
  • 3 lỗ hổng giả mạo (Spoofing)
Lưu ý: Các con số trên không bao gồm các lỗ hổng liên quan đến Mariner và 13 lỗ hổng của Microsoft Edge đã được vá trước đó trong tháng này.

Lỗ hổng zero-day đang bị khai thác, được đề cập trong bản cập nhật lần này là: CVE-2025-29824 - Lỗ hổng leo thang đặc quyền trong trình điều khiển Windows Common Log File System (CLFS). Lỗ hổng này cho phép kẻ tấn công cục bộ giành được quyền SYSTEM trên thiết bị.

Hiện tại, bản cập nhật bảo mật mới chỉ có sẵn cho Windows Server và Windows 11. Microsoft cho biết bản cập nhật dành cho Windows 10 sẽ được phát hành sau.

> Bản cập nhật bảo mật cho Windows 10 hệ thống 64-bit và 32-bit hiện chưa có sẵn

> Các bản cập nhật sẽ được phát hành sớm nhất có thể. Khi có sẵn, khách hàng sẽ được thông báo thông qua bản cập nhật CVE

Dưới đây là danh sách đầy đủ các lỗ hổng được khắc phục trong bản cập nhật Patch Tuesday tháng 4/2025:

Tag​
CVE ID​
CVE Title​
Severity​
Active Directory Domain ServicesCVE-2025-29810Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
ASP.NET CoreCVE-2025-26682ASP.NET Core and Visual Studio Denial of Service VulnerabilityImportant
Azure LocalCVE-2025-27489Azure Local Elevation of Privilege VulnerabilityImportant
Azure Local ClusterCVE-2025-26628Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Local ClusterCVE-2025-25002Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Portal Windows Admin CenterCVE-2025-29819Windows Admin Center in Azure Portal Information Disclosure VulnerabilityImportant
Dynamics Business CentralCVE-2025-29821Microsoft Dynamics Business Central Information Disclosure VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29800Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29801Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-3073Chromium: CVE-2025-3073 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2025-3068Chromium: CVE-2025-3068 Inappropriate implementation in IntentsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3074Chromium: CVE-2025-3074 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3067Chromium: CVE-2025-3067 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3071Chromium: CVE-2025-3071 Inappropriate implementation in NavigationsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3072Chromium: CVE-2025-3072 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3070Chromium: CVE-2025-3070 Insufficient validation of untrusted input in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3069Chromium: CVE-2025-3069 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-25000Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-29815Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-25001Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-3066Chromium: CVE-2025-3066 Use after free in NavigationsUnknown
Microsoft Edge for iOSCVE-2025-29796Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft OfficeCVE-2025-27745Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27744Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-26642Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-29792Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-29791Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27748Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27746Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-27749Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-27751Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27750Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-29823Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27752Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office OneNoteCVE-2025-29822Microsoft OneNote Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29794Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29793Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-27747Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-29816Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2025-29820Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-27471Microsoft Streaming Service Denial of Service VulnerabilityImportant
Microsoft Virtual Hard DriveCVE-2025-26688Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
OpenSSH for WindowsCVE-2025-27731Microsoft OpenSSH for Windows Elevation of Privilege VulnerabilityImportant
Outlook for AndroidCVE-2025-29805Outlook for Android Information Disclosure VulnerabilityImportant
Remote Desktop ClientCVE-2025-27487Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-27482Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Remote Desktop Gateway ServiceCVE-2025-27480Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
RPC Endpoint Mapper ServiceCVE-2025-26679RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityImportant
System CenterCVE-2025-27743Microsoft System Center Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29802Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29804Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-20570Visual Studio Code Elevation of Privilege VulnerabilityImportant
Visual Studio Tools for Applications and SQL Server Management StudioCVE-2025-29803Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2025-27740Active Directory Certificate Services Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2025-26637BitLocker Security Feature Bypass VulnerabilityImportant
Windows Bluetooth ServiceCVE-2025-27490Windows Bluetooth Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-29824Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-29808Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-26641Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows Defender Application Control (WDAC)CVE-2025-26678Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Windows Digital MediaCVE-2025-27730Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27467Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-26640Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27476Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24074Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24073Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24058Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24062Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24060Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2025-26635Windows Hello Security Feature Bypass VulnerabilityImportant
Windows HelloCVE-2025-26644Windows Hello Spoofing VulnerabilityImportant
Windows HTTP.sysCVE-2025-27473HTTP.sys Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2025-27491Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2025-27727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-26647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-27479Kerberos Key Distribution Proxy Service Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-29809Windows Kerberos Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2025-26648Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-27739Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel MemoryCVE-2025-29812DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2025-27728Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP - Lightweight Directory Access ProtocolCVE-2025-26673Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP - Lightweight Directory Access ProtocolCVE-2025-26663Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP - Lightweight Directory Access ProtocolCVE-2025-27469Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP - Lightweight Directory Access ProtocolCVE-2025-26670Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityCritical
Windows Local Security Authority (LSA)CVE-2025-21191Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2025-27478Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2025-26651Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2025-27472Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows MediaCVE-2025-26666Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-26674Windows Media Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2025-29811Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27742NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-21197Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-27741NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27483NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27733NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2025-27736Windows Power Dependency Coordinator Information Disclosure VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-26671Windows Remote Desktop Services Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2025-27738Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-27474Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21203Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26667Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26664Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26672Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26669Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26676Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Secure ChannelCVE-2025-27492Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Secure ChannelCVE-2025-26649Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Security Zone MappingCVE-2025-27737Windows Security Zone Mapping Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2025-27729Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27485Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27486Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-21174Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26680Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27470Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26652Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Subsystem for LinuxCVE-2025-26675Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2025-26686Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Telephony ServiceCVE-2025-27481Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21222Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21205Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21221Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-27477Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-27484Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-21204Windows Process Activation Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-27475Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows upnphost.dllCVE-2025-26665Windows upnphost.dll Elevation of Privilege VulnerabilityImportant
Windows USB Print DriverCVE-2025-26639Windows USB Print Driver Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-27735Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityImportant
Windows Win32K - GRFXCVE-2025-27732Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Windows Win32K - GRFXCVE-2025-26687Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K - GRFXCVE-2025-26681Win32k Elevation of Privilege VulnerabilityImportant

Theo Bleeping Computer
 
Mời các bạn tham gia Group WhiteHat để thảo luận và cập nhật tin tức an ninh mạng hàng ngày.
Lưu ý từ WhiteHat: Kiến thức an ninh mạng để phòng chống, không làm điều xấu. Luật pháp liên quan
Bạn phải đăng nhập hoặc đăng ký để phản hồi tại đây.
Bài viết liên quan
  • Juniper phát hành bản vá khẩn cấp cho lỗ hổng nghiêm trọng CVE-2025-21590
  • Apple tung bản vá khẩn cấp cho lỗ hổng Zero-day thứ 3 trong năm 2025
  • NVIDIA phát hành bản vá bảo mật khẩn cấp cho lỗ hổng nghiêm trọng trên HMC
  • GitLab phát hành bản vá khẩn cấp cho các lỗ hổng gây rò rỉ dữ liệu
  • Adobe phát hành bán vá khẩn cho lỗ hổng nghiêm trọng trong ColdFusion
  • Apple phát hành bản vá khẩn cấp cho các zero-day đang bị khai thác
    • Thẻ
    microsoft patch tuesday zeroday
    Bên trên