- Last update: 09/04/2025
- Affected software:
• Microsoft Office
• Windows LDAP
• Windows RDP
- Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.
- CVE/CVSS:
Microsoft patched 121 vulnerabilities in its April 2025 Patch Tuesday release, 11 rated as critical and 110 rated as important, including 1 0-day vulnerability and 1 vulnerability that is actively exploited.
Number of CVEs by type:
• 31 Remote Code Execution vulnerabilities
• 49 Elevation of Privilege vulnerabilities
• 17 Information Disclosure vulnerabilities
• 1 Spoofing vulnerability
• 14 Denial of Service vulnerabilities
• 9 Security Feature Bypass vulnerabilities
Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr
Microsoft’s February 2025 Patch Tuesday includes 121 vulnerabilities (11 critical, 110 important), for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
This Patch Tuesday includes 1 actively exploited vulnerability and 1 0-Day. Some other vulnerabilities are also more likely to be exploited soon, so urgent patching is advised.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
The CCB would like to draw your attention to the following vulnerabilities:
CVE-2025-29824: Windows CLFS Driver (0-Day, Actively Exploited)
Elevation of Privilege Vulnerability, CVSS: 7.8. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Microsoft has discovered post-compromise exploitation of a zero-day elevation of privilege vulnerability in the Windows Common Log File System (CLFS). Microsoft is attributing the exploitation to Storm-2460. This vulnerability is used in ransomware attacks.
https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/
CVE-2025-27480, CVE-2025-27482: Windows Remote Desktop Services
Remote Code Execution Vulnerabilities, CVSS: 8.1.
Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network (CVE-2025-27480).
Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network (CVE-2025-27482).
Both vulnerabilities are marked as “Exploitation More Likely”.
CVE-2025-29793, CVE-2025-29794: Microsoft SharePoint
Remote Code Execution Vulnerabilities, CVSS 7.2, CVSS 8.8.
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (CVE-2025-29793).
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (CVE-2025-29794).
Both vulnerabilities are marked as “Exploitation More Likely”.
CVE-2025-26670: Windows LDAP Client
Remote Code Execution Vulnerability, CVSS: 8.1.
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. This vulnerability is marked as “Exploitation More Likely”.
CVE-2025-26663: Windows LDAP
Remote Code Execution Vulnerability, CVSS: 8.1.
Use after free in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to execute code over a network. This vulnerability is marked as “Exploitation More Likely”.
CVE-2025-27752, CVE-2025-29791: Microsoft Excel
Remote Code Execution Vulnerabilities, CVSS: 7.8.
A heap-based buffer overflow and a type confusion vulnerability in Microsoft Office Excel allow an unauthorized attacker to execute code locally.
CVE-2025-27745, CVE-2025-27748, CVE-2025-27749: Microsoft Office
Remote Code Execution Vulnerabilities, CVSS: 7.8.
Three different use-after-free vulnerabilities in Microsoft Office allow an unauthorized attacker to execute code locally.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
The Register - https://www.theregister.com/2025/04/08/patch_tuesday_microsoft/
Bleeping Computer - https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-patch-tuesday-fixes-exploited-zero-day-134-flaws/
Tenable - https://www.tenable.com/blog/microsofts-april-2025-patch-tuesday-addresses-121-cves-cve-2025-29824
Zero Day Initiative - https://www.zerodayinitiative.com/blog/2025/4/8/the-april-2025-security-update-review