A zero-day and 134 vulnerabilities: Microsoft releases its April patches

Microsoft has released its April updates, in which the developers fixed 134 vulnerabilities, including one actively exploited zero-day and 11 critical bugs related to remote code execution.

What exactly was fixed

Here is how the vulnerabilities break down by type:

  • 49 elevation of privilege vulnerabilities.
  • 9 security feature bypass issues.
  • 31 remote code execution (RCE) bugs.
  • 17 information disclosure issues.
  • 14 denial of service (DoS) issues.
  • 3 spoofing issues.

Important: these figures do not include the separately counted vulnerabilities in Microsoft Edge (13 of them) and in Mariner.

One zero-day is already being exploited

The main threat this month is CVE-2025-29824, a vulnerability in the Windows Common Log File System driver. It allows a local attacker to obtain SYSTEM privileges, that is, full control over the system.

Microsoft has confirmed that cybercriminals are already exploiting this flaw, in particular the RansomEXX group, known for its ransomware attacks. Discovery of the vulnerability is credited to the Microsoft Threat Intelligence Center.

At the time of publication, updates are available only for Windows Server and Windows 11. There are no versions for Windows 10 yet; Microsoft promises to release them as soon as possible and to notify users when it does.

The table of vulnerabilities fixed this month is given below:

Affected component | CVE ID | CVE title | Severity
Active Directory Domain Services | CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability | Important
ASP.NET Core | CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Important
Azure Local | CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability | Important
Azure Local Cluster | CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | Important
Azure Local Cluster | CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | Important
Azure Portal Windows Admin Center | CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability | Important
Dynamics Business Central | CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | Important
Microsoft AutoUpdate (MAU) | CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important
Microsoft AutoUpdate (MAU) | CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2025-3073 | Chromium: CVE-2025-3073 Inappropriate implementation in Autofill | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3068 | Chromium: CVE-2025-3068 Inappropriate implementation in Intents | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3074 | Chromium: CVE-2025-3074 Inappropriate implementation in Downloads | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3067 | Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3071 | Chromium: CVE-2025-3071 Inappropriate implementation in Navigations | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3072 | Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3070 | Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-3069 | Chromium: CVE-2025-3069 Inappropriate implementation in Extensions | Unknown
Microsoft Edge (Chromium-based) | CVE-2025-25000 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Important
Microsoft Edge (Chromium-based) | CVE-2025-25001 | Microsoft Edge for iOS Spoofing Vulnerability | Low
Microsoft Edge (Chromium-based) | CVE-2025-3066 | Chromium: CVE-2025-3066 Use after free in Navigations | Unknown
Microsoft Edge for iOS | CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability | Low
Microsoft Office | CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability | Important
Microsoft Office | CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | Important
Microsoft Office | CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | Critical
Microsoft Office | CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | Important
Microsoft Office | CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | Critical
Microsoft Office Excel | CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | Important
Microsoft Office Excel | CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | Critical
Microsoft Office OneNote | CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability | Important
Microsoft Office SharePoint | CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
Microsoft Office SharePoint | CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | Important
Microsoft Office Word | CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Office Word | CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability | Important
Microsoft Office Word | CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | Important
Microsoft Streaming Service | CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | Important
Microsoft Virtual Hard Drive | CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Important
OpenSSH for Windows | CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability | Important
Outlook for Android | CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability | Important
Remote Desktop Client | CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | Important
Remote Desktop Gateway Service | CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical
Remote Desktop Gateway Service | CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical
RPC Endpoint Mapper Service | CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Important
System Center | CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability | Important
Visual Studio | CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability | Important
Visual Studio Code | CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability | Important
Visual Studio Tools for Applications and SQL Server Management Studio | CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability | Important
Windows Active Directory Certificate Services | CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Important
Windows BitLocker | CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability | Important
Windows Bluetooth Service | CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important
Windows Common Log File System Driver | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important
Windows Cryptographic Services | CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | Important
Windows Cryptographic Services | CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Important
Windows Defender Application Control (WDAC) | CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability | Important
Windows Digital Media | CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability | Important
Windows Digital Media | CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability | Important
Windows Digital Media | CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability | Important
Windows Digital Media | CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability | Important
Windows DWM Core Library | CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
Windows DWM Core Library | CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
Windows DWM Core Library | CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important
Windows DWM Core Library | CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
Windows DWM Core Library | CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important
Windows Hello | CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | Important
Windows Hello | CVE-2025-26644 | Windows Hello Spoofing Vulnerability | Important
Windows HTTP.sys | CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | Important
Windows Hyper-V | CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | Critical
Windows Installer | CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | Important
Windows Kerberos | CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability | Important
Windows Kerberos | CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | Important
Windows Kerberos | CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | Important
Windows Kernel | CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel | CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel Memory | CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important
Windows Kernel-Mode Drivers | CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important
Windows LDAP - Lightweight Directory Access Protocol | CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important
Windows LDAP - Lightweight Directory Access Protocol | CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Critical
Windows LDAP - Lightweight Directory Access Protocol | CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important
Windows LDAP - Lightweight Directory Access Protocol | CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Critical
Windows Local Security Authority (LSA) | CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important
Windows Local Security Authority (LSA) | CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Important
Windows Local Session Manager (LSM) | CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Important
Windows Mark of the Web (MOTW) | CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important
Windows Media | CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability | Important
Windows Media | CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | Important
Windows Mobile Broadband | CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Important
Windows NTFS | CVE-2025-27742 | NTFS Information Disclosure Vulnerability | Important
Windows NTFS | CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability | Important
Windows NTFS | CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability | Important
Windows NTFS | CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability | Important
Windows NTFS | CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability | Important
Windows Power Dependency Coordinator | CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | Important
Windows Remote Desktop Services | CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important
Windows Resilient File System (ReFS) | CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Routing and Remote Access Service (RRAS) | CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important
Windows Secure Channel | CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability | Important
Windows Secure Channel | CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability | Important
Windows Security Zone Mapping | CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Important
Windows Shell | CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Standards-Based Storage Management Service | CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important
Windows Subsystem for Linux | CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important
Windows TCP/IP | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | Critical
Windows Telephony Service | CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | Important
Windows Telephony Service | CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability | Important
Windows Telephony Service | CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability | Important
Windows Telephony Service | CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability | Important
Windows Telephony Service | CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | Important
Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Important
Windows Update Stack | CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability | Important
Windows Update Stack | CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability | Important
Windows upnphost.dll | CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability | Important
Windows USB Print Driver | CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability | Important
Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Important
Windows Win32K - GRFX | CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability | Important
Windows Win32K - GRFX | CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability | Important
Windows Win32K - GRFX | CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability | Important

Information about the copyright holder of the photo and video materials is taken from the «Anti-Malware.ru» website; see the Service Rules for details.