Η Microsoft κυκλοφόρησε το Patch Tuesday Απριλίου 2025
secnews.gr
IT Security News, Gadgets, Tweaks for Geeks and More
Η Microsoft κυκλοφόρησε το Patch Tuesday Απριλίου 2025
https://www.secnews.gr/645746/microsoft-kikloforise-patch-tuesday-apriliou-2025/
Apr 9th 2025, 10:52
by Digital Fortress
Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Απριλίου 2025 φέρνοντας διορθώσεις για 134 ευπάθειες ασφαλείας, συμπεριλαμβανομένης μιας ευπάθειας zero-day (που έχει χρησιμοποιηθεί σε επιθέσεις).
Έντεκα από τις ευπάθειες που διορθώνονται αυτό το μήνα έχουν χαρακτηριστεί "Κρίσιμες" και όλες τους επιτρέπουν απομακρυσμένη εκτέλεση κώδικα.
Δείτε επίσης: Ευπάθεια στο Nissan Leaf επιτρέπει πλήρη έλεγχο του αυτοκινήτου
Παρακάτω μπορείτε να δείτε μια λίστα με τις κατηγορίες σφαλμάτων που διορθώνει το Patch Tuesday Απριλίου 2025:
• 49 ευπάθειες που επιτρέπουν κλιμάκωση προνομίων
• 31 ευπάθειες που επιτρέπουν απομακρυσμένη εκτέλεση κώδικα
• 17 ευπάθειες που επιτρέπουν αποκάλυψη πληροφοριών
• 14 ευπάθειες που επιτρέπουν Denial of Service επιθέσεις
• 9 ευπάθειες που επιτρέπουν παράκαμψη λειτουργιών ασφαλείας
• 3 ευπάθειες που επιτρέπουν πλαστογράφηση
Οι παραπάνω αριθμοί δεν περιλαμβάνουν σφάλματα Mariner και 13 ευπάθειες του Microsoft Edge που διορθώθηκαν νωρίτερα αυτόν τον μήνα.
Δείτε επίσης: Η CISA πρόσθεσε ευπάθεια CrushFTP στον Κατάλογο KEV
Microsoft Patch Tuesday Απριλίου 2025: Διόρθωση zero-day ευπάθειας
Το Patch Tuesday αυτού του μήνα επιδιορθώνει μια zero-day ευπάθεια που έχει χρησιμοποιηθεί ήδη στα πλαίσια επιθέσεων. Η Microsoft ταξινομεί ένα σφάλμα ως zero-day όταν έχει αποκαλυφθεί δημόσια ή έχει χρησιμοποιηθεί από hackers, ενώ δεν υπάρχει διαθέσιμη επίσημη επιδιόρθωση.
Η ευπάθεια zero-day είναι:
CVE-2025-29824 – Windows Common File Log Driver System Elevation of Privilege Vulnerability
Η Microsoft λέει ότι αυτή η ευπάθεια επιτρέπει σε τοπικούς εισβολείς να αποκτήσουν προνόμια SYSTEM στη συσκευή. Οι ενημερώσεις ασφαλείας Patch Tuesday είναι διαθέσιμες τώρα μόνο για Windows Server και Windows 11. Λίγο αργότερα, θα κυκλοφορήσουν και ενημερώσεις για Windows 10.
"Οι ενημερώσεις θα κυκλοφορήσουν το συντομότερο δυνατό και όταν είναι διαθέσιμες, οι πελάτες θα ειδοποιηθούν μέσω μιας αναθεώρησης αυτών των πληροφοριών CVE".
Δείτε επίσης: Εκμετάλλευση ευπάθειας ESET για κρυφή εκτέλεση malware
Η Microsoft κυκλοφόρησε το Patch Tuesday Απριλίου 2025
Σύμφωνα με τη Microsoft, η ευπάθεια αυτή έχει χρησιμοποιηθεί ως zero-day από τη συμμορία ransomware RansomEXX. Η εταιρεία αποδίδει την ανακάλυψη αυτού του σφάλματος στο Microsoft Threat Intelligence Center.
Microsoft Patch Tuesday Απριλίου 2025: Όλες οι ευπάθειες που διορθώνονται
Στο παρακάτω πίνακα, μπορείτε να δείτε αναλυτικά όλες τις ευπάθειες που διορθώνονται αυτόν τον μήνα:
TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2025-29810Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
ASP.NET CoreCVE-2025-26682ASP.NET Core and Visual Studio Denial of Service VulnerabilityImportant
Azure LocalCVE-2025-27489Azure Local Elevation of Privilege VulnerabilityImportant
Azure Local ClusterCVE-2025-26628Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Local ClusterCVE-2025-25002Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Portal Windows Admin CenterCVE-2025-29819Windows Admin Center in Azure Portal Information Disclosure VulnerabilityImportant
Dynamics Business CentralCVE-2025-29821Microsoft Dynamics Business Central Information Disclosure VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29800Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29801Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-3073Chromium: CVE-2025-3073 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2025-3068Chromium: CVE-2025-3068 Inappropriate implementation in IntentsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3074Chromium: CVE-2025-3074 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3067Chromium: CVE-2025-3067 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3071Chromium: CVE-2025-3071 Inappropriate implementation in NavigationsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3072Chromium: CVE-2025-3072 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3070Chromium: CVE-2025-3070 Insufficient validation of untrusted input in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3069Chromium: CVE-2025-3069 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-25000Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-29815Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-25001Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-3066Chromium: CVE-2025-3066 Use after free in NavigationsUnknown
Microsoft Edge for iOSCVE-2025-29796Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft OfficeCVE-2025-27745Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27744Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-26642Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-29792Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-29791Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27748Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27746Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-27749Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-27751Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27750Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-29823Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27752Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office OneNoteCVE-2025-29822Microsoft OneNote Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29794Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29793Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-27747Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-29816Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2025-29820Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-27471Microsoft Streaming Service Denial of Service VulnerabilityImportant
Microsoft Virtual Hard DriveCVE-2025-26688Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
OpenSSH for WindowsCVE-2025-27731Microsoft OpenSSH for Windows Elevation of Privilege VulnerabilityImportant
Outlook for AndroidCVE-2025-29805Outlook for Android Information Disclosure VulnerabilityImportant
Remote Desktop ClientCVE-2025-27487Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-27482Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Remote Desktop Gateway ServiceCVE-2025-27480Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
RPC Endpoint Mapper ServiceCVE-2025-26679RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityImportant
System CenterCVE-2025-27743Microsoft System Center Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29802Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29804Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-20570Visual Studio Code Elevation of Privilege VulnerabilityImportant
Visual Studio Tools for Applications and SQL Server Management StudioCVE-2025-29803Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2025-27740Active Directory Certificate Services Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2025-26637BitLocker Security Feature Bypass VulnerabilityImportant
Windows Bluetooth ServiceCVE-2025-27490Windows Bluetooth Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-29824Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-29808Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-26641Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows Defender Application Control (WDAC)CVE-2025-26678Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Windows Digital MediaCVE-2025-27730Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27467Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-26640Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27476Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24074Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24073Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24058Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24062Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24060Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2025-26635Windows Hello Security Feature Bypass VulnerabilityImportant
Windows HelloCVE-2025-26644Windows Hello Spoofing VulnerabilityImportant
Windows HTTP.sysCVE-2025-27473HTTP.sys Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2025-27491Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2025-27727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-26647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-27479Kerberos Key Distribution Proxy Service Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-29809Windows Kerberos Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2025-26648Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-27739Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel MemoryCVE-2025-29812DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2025-27728Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26673Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26663Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-27469Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26670Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityCritical
Windows Local Security Authority (LSA)CVE-2025-21191Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2025-27478Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2025-26651Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2025-27472Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows MediaCVE-2025-26666Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-26674Windows Media Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2025-29811Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27742NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-21197Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-27741NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27483NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27733NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2025-27736Windows Power Dependency Coordinator Information Disclosure VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-26671Windows Remote Desktop Services Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2025-27738Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-27474Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21203Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26667Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26664Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26672Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26669Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26676Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Secure ChannelCVE-2025-27492Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Secure ChannelCVE-2025-26649Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Security Zone MappingCVE-2025-27737Windows Security Zone Mapping Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2025-27729Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27485Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27486Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-21174Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26680Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27470Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26652Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Subsystem for LinuxCVE-2025-26675Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2025-26686Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Telephony ServiceCVE-2025-27481Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21222Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21205Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21221Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-27477Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-27484Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-21204Windows Process Activation Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-27475Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows upnphost.dllCVE-2025-26665Windows upnphost.dll Elevation of Privilege VulnerabilityImportant
Windows USB Print DriverCVE-2025-26639Windows USB Print Driver Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-27735Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-27732Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26687Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26681Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Patch Tuesday Απριλίου 2025
Το Microsoft Patch Tuesday είναι μια πρακτική που ακολουθεί η Microsoft, όπου τη δεύτερη Τρίτη του κάθε μήνα κυκλοφορεί ενημερώσεις και διορθώσεις για τα λειτουργικά συστήματα της, τα προγράμματα και τις εφαρμογές της. Αυτές οι ενημερώσεις περιλαμβάνουν συνήθως διορθώσεις ασφαλείας, βελτιώσεις απόδοσης και νέα χαρακτηριστικά.
Ο σκοπός του Microsoft Patch Tuesday είναι να παρέχει στους χρήστες της Microsoft την καλύτερη δυνατή εμπειρία χρήσης, διορθώνοντας προβλήματα και εξασφαλίζοντας την ασφάλεια των συστημάτων τους. Oι ενημερώσεις ασφαλείας βοηθούν στην προστασία των συστημάτων από κενά ασφαλείας και κακόβουλο λογισμικό. Αυτές οι ενημερώσεις διορθώνουν γνωστά προβλήματα ασφαλείας και ενισχύουν την ανθεκτικότητα των συστημάτων έναντι επιθέσεων.
Πηγή: www.bleepingcomputer.com
You are receiving this email because you subscribed to this feed at https://blogtrottr.com
If you no longer wish to receive these emails, you can unsubscribe here:
https://blogtrottr.com/unsubscribe/nfz/3xfHTz
IT Security News, Gadgets, Tweaks for Geeks and More
Η Microsoft κυκλοφόρησε το Patch Tuesday Απριλίου 2025
https://www.secnews.gr/645746/microsoft-kikloforise-patch-tuesday-apriliou-2025/
Apr 9th 2025, 10:52
by Digital Fortress
Η Microsoft κυκλοφόρησε χθες το Patch Tuesday Απριλίου 2025 φέρνοντας διορθώσεις για 134 ευπάθειες ασφαλείας, συμπεριλαμβανομένης μιας ευπάθειας zero-day (που έχει χρησιμοποιηθεί σε επιθέσεις).
Έντεκα από τις ευπάθειες που διορθώνονται αυτό το μήνα έχουν χαρακτηριστεί "Κρίσιμες" και όλες τους επιτρέπουν απομακρυσμένη εκτέλεση κώδικα.
Δείτε επίσης: Ευπάθεια στο Nissan Leaf επιτρέπει πλήρη έλεγχο του αυτοκινήτου
Παρακάτω μπορείτε να δείτε μια λίστα με τις κατηγορίες σφαλμάτων που διορθώνει το Patch Tuesday Απριλίου 2025:
• 49 ευπάθειες που επιτρέπουν κλιμάκωση προνομίων
• 31 ευπάθειες που επιτρέπουν απομακρυσμένη εκτέλεση κώδικα
• 17 ευπάθειες που επιτρέπουν αποκάλυψη πληροφοριών
• 14 ευπάθειες που επιτρέπουν Denial of Service επιθέσεις
• 9 ευπάθειες που επιτρέπουν παράκαμψη λειτουργιών ασφαλείας
• 3 ευπάθειες που επιτρέπουν πλαστογράφηση
Οι παραπάνω αριθμοί δεν περιλαμβάνουν σφάλματα Mariner και 13 ευπάθειες του Microsoft Edge που διορθώθηκαν νωρίτερα αυτόν τον μήνα.
Δείτε επίσης: Η CISA πρόσθεσε ευπάθεια CrushFTP στον Κατάλογο KEV
Microsoft Patch Tuesday Απριλίου 2025: Διόρθωση zero-day ευπάθειας
Το Patch Tuesday αυτού του μήνα επιδιορθώνει μια zero-day ευπάθεια που έχει χρησιμοποιηθεί ήδη στα πλαίσια επιθέσεων. Η Microsoft ταξινομεί ένα σφάλμα ως zero-day όταν έχει αποκαλυφθεί δημόσια ή έχει χρησιμοποιηθεί από hackers, ενώ δεν υπάρχει διαθέσιμη επίσημη επιδιόρθωση.
Η ευπάθεια zero-day είναι:
CVE-2025-29824 – Windows Common File Log Driver System Elevation of Privilege Vulnerability
Η Microsoft λέει ότι αυτή η ευπάθεια επιτρέπει σε τοπικούς εισβολείς να αποκτήσουν προνόμια SYSTEM στη συσκευή. Οι ενημερώσεις ασφαλείας Patch Tuesday είναι διαθέσιμες τώρα μόνο για Windows Server και Windows 11. Λίγο αργότερα, θα κυκλοφορήσουν και ενημερώσεις για Windows 10.
"Οι ενημερώσεις θα κυκλοφορήσουν το συντομότερο δυνατό και όταν είναι διαθέσιμες, οι πελάτες θα ειδοποιηθούν μέσω μιας αναθεώρησης αυτών των πληροφοριών CVE".
Δείτε επίσης: Εκμετάλλευση ευπάθειας ESET για κρυφή εκτέλεση malware
Η Microsoft κυκλοφόρησε το Patch Tuesday Απριλίου 2025
Σύμφωνα με τη Microsoft, η ευπάθεια αυτή έχει χρησιμοποιηθεί ως zero-day από τη συμμορία ransomware RansomEXX. Η εταιρεία αποδίδει την ανακάλυψη αυτού του σφάλματος στο Microsoft Threat Intelligence Center.
Microsoft Patch Tuesday Απριλίου 2025: Όλες οι ευπάθειες που διορθώνονται
Στο παρακάτω πίνακα, μπορείτε να δείτε αναλυτικά όλες τις ευπάθειες που διορθώνονται αυτόν τον μήνα:
TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2025-29810Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
ASP.NET CoreCVE-2025-26682ASP.NET Core and Visual Studio Denial of Service VulnerabilityImportant
Azure LocalCVE-2025-27489Azure Local Elevation of Privilege VulnerabilityImportant
Azure Local ClusterCVE-2025-26628Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Local ClusterCVE-2025-25002Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Portal Windows Admin CenterCVE-2025-29819Windows Admin Center in Azure Portal Information Disclosure VulnerabilityImportant
Dynamics Business CentralCVE-2025-29821Microsoft Dynamics Business Central Information Disclosure VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29800Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29801Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-3073Chromium: CVE-2025-3073 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2025-3068Chromium: CVE-2025-3068 Inappropriate implementation in IntentsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3074Chromium: CVE-2025-3074 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3067Chromium: CVE-2025-3067 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3071Chromium: CVE-2025-3071 Inappropriate implementation in NavigationsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3072Chromium: CVE-2025-3072 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3070Chromium: CVE-2025-3070 Insufficient validation of untrusted input in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3069Chromium: CVE-2025-3069 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-25000Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-29815Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-25001Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-3066Chromium: CVE-2025-3066 Use after free in NavigationsUnknown
Microsoft Edge for iOSCVE-2025-29796Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft OfficeCVE-2025-27745Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27744Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-26642Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-29792Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-29791Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27748Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27746Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-27749Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-27751Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27750Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-29823Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27752Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office OneNoteCVE-2025-29822Microsoft OneNote Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29794Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29793Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-27747Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-29816Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2025-29820Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-27471Microsoft Streaming Service Denial of Service VulnerabilityImportant
Microsoft Virtual Hard DriveCVE-2025-26688Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
OpenSSH for WindowsCVE-2025-27731Microsoft OpenSSH for Windows Elevation of Privilege VulnerabilityImportant
Outlook for AndroidCVE-2025-29805Outlook for Android Information Disclosure VulnerabilityImportant
Remote Desktop ClientCVE-2025-27487Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-27482Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Remote Desktop Gateway ServiceCVE-2025-27480Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
RPC Endpoint Mapper ServiceCVE-2025-26679RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityImportant
System CenterCVE-2025-27743Microsoft System Center Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29802Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29804Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-20570Visual Studio Code Elevation of Privilege VulnerabilityImportant
Visual Studio Tools for Applications and SQL Server Management StudioCVE-2025-29803Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2025-27740Active Directory Certificate Services Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2025-26637BitLocker Security Feature Bypass VulnerabilityImportant
Windows Bluetooth ServiceCVE-2025-27490Windows Bluetooth Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-29824Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-29808Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-26641Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows Defender Application Control (WDAC)CVE-2025-26678Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Windows Digital MediaCVE-2025-27730Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27467Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-26640Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27476Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24074Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24073Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24058Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24062Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24060Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2025-26635Windows Hello Security Feature Bypass VulnerabilityImportant
Windows HelloCVE-2025-26644Windows Hello Spoofing VulnerabilityImportant
Windows HTTP.sysCVE-2025-27473HTTP.sys Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2025-27491Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2025-27727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-26647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-27479Kerberos Key Distribution Proxy Service Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-29809Windows Kerberos Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2025-26648Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-27739Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel MemoryCVE-2025-29812DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2025-27728Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26673Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26663Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-27469Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26670Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityCritical
Windows Local Security Authority (LSA)CVE-2025-21191Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2025-27478Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2025-26651Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2025-27472Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows MediaCVE-2025-26666Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-26674Windows Media Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2025-29811Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27742NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-21197Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-27741NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27483NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27733NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2025-27736Windows Power Dependency Coordinator Information Disclosure VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-26671Windows Remote Desktop Services Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2025-27738Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-27474Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21203Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26667Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26664Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26672Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26669Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26676Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Secure ChannelCVE-2025-27492Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Secure ChannelCVE-2025-26649Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Security Zone MappingCVE-2025-27737Windows Security Zone Mapping Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2025-27729Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27485Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27486Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-21174Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26680Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27470Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26652Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Subsystem for LinuxCVE-2025-26675Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2025-26686Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Telephony ServiceCVE-2025-27481Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21222Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21205Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21221Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-27477Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-27484Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-21204Windows Process Activation Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-27475Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows upnphost.dllCVE-2025-26665Windows upnphost.dll Elevation of Privilege VulnerabilityImportant
Windows USB Print DriverCVE-2025-26639Windows USB Print Driver Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-27735Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-27732Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26687Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26681Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Patch Tuesday Απριλίου 2025
Το Microsoft Patch Tuesday είναι μια πρακτική που ακολουθεί η Microsoft, όπου τη δεύτερη Τρίτη του κάθε μήνα κυκλοφορεί ενημερώσεις και διορθώσεις για τα λειτουργικά συστήματα της, τα προγράμματα και τις εφαρμογές της. Αυτές οι ενημερώσεις περιλαμβάνουν συνήθως διορθώσεις ασφαλείας, βελτιώσεις απόδοσης και νέα χαρακτηριστικά.
Ο σκοπός του Microsoft Patch Tuesday είναι να παρέχει στους χρήστες της Microsoft την καλύτερη δυνατή εμπειρία χρήσης, διορθώνοντας προβλήματα και εξασφαλίζοντας την ασφάλεια των συστημάτων τους. Oι ενημερώσεις ασφαλείας βοηθούν στην προστασία των συστημάτων από κενά ασφαλείας και κακόβουλο λογισμικό. Αυτές οι ενημερώσεις διορθώνουν γνωστά προβλήματα ασφαλείας και ενισχύουν την ανθεκτικότητα των συστημάτων έναντι επιθέσεων.
Πηγή: www.bleepingcomputer.com
You are receiving this email because you subscribed to this feed at https://blogtrottr.com
If you no longer wish to receive these emails, you can unsubscribe here:
https://blogtrottr.com/unsubscribe/nfz/3xfHTz
Σχόλια