Wtorek poprawek firmy Microsoft z kwietnia 2025 r. obejmuje aktualizacje zabezpieczeń dla 134 luk, w tym jedną aktywnie wykorzystywaną lukę typu zero-day.
Wtorek poprawek naprawia również jedenaście luk „krytycznych”, wszystkie luki umożliwiające zdalne wykonanie kodu.
Liczba błędów w każdej kategorii luk jest wymieniona poniżej:
- 49 luk umożliwiających podniesienie uprawnień
- 9 luk umożliwiających ominięcie funkcji bezpieczeństwa
- 31 luk umożliwiających zdalne wykonanie kodu
- 17 luk umożliwiających ujawnienie informacji
- 14 luk umożliwiających odmowę usługi
- 3 luki umożliwiające podszywanie się
W tym miesiącu Patch Tuesday naprawia jedną aktywnie wykorzystywaną lukę typu zero-day.
Aktywnie wykorzystywana luka typu zero-day w dzisiejszych aktualizacjach to:
CVE-2025-29824 – Luka w zabezpieczeniach umożliwiająca podniesienie uprawnień sterownika systemu plików dziennika systemu Windows Common Log
Firma Microsoft twierdzi, że ta luka umożliwia lokalnym atakującym uzyskanie uprawnień SYSTEM na urządzeniu/
„Aktualizacja zabezpieczeń dla systemu Windows 10 dla systemów opartych na architekturze x64 i systemu Windows 10 dla systemów 32-bitowych nie jest natychmiast dostępna” — wyjaśnił Microsoft.
„Aktualizacje zostaną wydane tak szybko, jak to możliwe, a gdy będą dostępne, klienci zostaną powiadomieni za pośrednictwem rewizji tych informacji CVE”.
Firma Microsoft twierdzi, że poprawki nie są dostępne dla systemu Windows 10 LTSB 2015 i zostaną wydane w przyszłości.
| Tag | CVE ID | CVE opis | Krytyczność |
| Active Directory Domain Services | CVE-2025-29810 | Active Directory Domain Services Elevation of Privilege Vulnerability | Wysoka |
| ASP.NET Core | CVE-2025-26682 | ASP.NET Core and Visual Studio Denial of Service Vulnerability | Wysoka |
| Azure Local | CVE-2025-27489 | Azure Local Elevation of Privilege Vulnerability | Wysoka |
| Azure Local Cluster | CVE-2025-26628 | Azure Local Cluster Information Disclosure Vulnerability | Wysoka |
| Azure Local Cluster | CVE-2025-25002 | Azure Local Cluster Information Disclosure Vulnerability | Wysoka |
| Azure Portal Windows Admin Center | CVE-2025-29819 | Windows Admin Center in Azure Portal Information Disclosure Vulnerability | Wysoka |
| Dynamics Business Central | CVE-2025-29821 | Microsoft Dynamics Business Central Information Disclosure Vulnerability | Wysoka |
| Microsoft AutoUpdate (MAU) | CVE-2025-29800 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Wysoka |
| Microsoft AutoUpdate (MAU) | CVE-2025-29801 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Wysoka |
| Microsoft Edge (Chromium-based) | CVE-2025-3073 | Chromium: CVE-2025-3073 Inappropriate implementation in Autofill | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3068 | Chromium: CVE-2025-3068 Inappropriate implementation in Intents | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3074 | Chromium: CVE-2025-3074 Inappropriate implementation in Downloads | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3067 | Chromium: CVE-2025-3067 Inappropriate implementation in Custom Tabs | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3071 | Chromium: CVE-2025-3071 Inappropriate implementation in Navigations | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3072 | Chromium: CVE-2025-3072 Inappropriate implementation in Custom Tabs | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3070 | Chromium: CVE-2025-3070 Insufficient validation of untrusted input in Extensions | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-3069 | Chromium: CVE-2025-3069 Inappropriate implementation in Extensions | Nieokreślona |
| Microsoft Edge (Chromium-based) | CVE-2025-25000 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Wysoka |
| Microsoft Edge (Chromium-based) | CVE-2025-29815 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Wysoka |
| Microsoft Edge (Chromium-based) | CVE-2025-25001 | Microsoft Edge for iOS Spoofing Vulnerability | Niska |
| Microsoft Edge (Chromium-based) | CVE-2025-3066 | Chromium: CVE-2025-3066 Use after free in Navigations | Nieokreślona |
| Microsoft Edge for iOS | CVE-2025-29796 | Microsoft Edge for iOS Spoofing Vulnerability | Niska |
| Microsoft Office | CVE-2025-27745 | Microsoft Office Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Office | CVE-2025-27744 | Microsoft Office Elevation of Privilege Vulnerability | Wysoka |
| Microsoft Office | CVE-2025-26642 | Microsoft Office Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office | CVE-2025-29792 | Microsoft Office Elevation of Privilege Vulnerability | Wysoka |
| Microsoft Office | CVE-2025-29791 | Microsoft Excel Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Office | CVE-2025-27748 | Microsoft Office Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Office | CVE-2025-27746 | Microsoft Office Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office | CVE-2025-27749 | Microsoft Office Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Office Excel | CVE-2025-27751 | Microsoft Excel Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office Excel | CVE-2025-27750 | Microsoft Excel Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office Excel | CVE-2025-29823 | Microsoft Excel Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office Excel | CVE-2025-27752 | Microsoft Excel Remote Code Execution Vulnerability | Krytyczna |
| Microsoft Office OneNote | CVE-2025-29822 | Microsoft OneNote Security Feature Bypass Vulnerability | Wysoka |
| Microsoft Office SharePoint | CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office SharePoint | CVE-2025-29793 | Microsoft SharePoint Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office Word | CVE-2025-27747 | Microsoft Word Remote Code Execution Vulnerability | Wysoka |
| Microsoft Office Word | CVE-2025-29816 | Microsoft Word Security Feature Bypass Vulnerability | Wysoka |
| Microsoft Office Word | CVE-2025-29820 | Microsoft Word Remote Code Execution Vulnerability | Wysoka |
| Microsoft Streaming Service | CVE-2025-27471 | Microsoft Streaming Service Denial of Service Vulnerability | Wysoka |
| Microsoft Virtual Hard Drive | CVE-2025-26688 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | Wysoka |
| OpenSSH for Windows | CVE-2025-27731 | Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability | Wysoka |
| Outlook for Android | CVE-2025-29805 | Outlook for Android Information Disclosure Vulnerability | Wysoka |
| Remote Desktop Client | CVE-2025-27487 | Remote Desktop Client Remote Code Execution Vulnerability | Wysoka |
| Remote Desktop Gateway Service | CVE-2025-27482 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Krytyczna |
| Remote Desktop Gateway Service | CVE-2025-27480 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Krytyczna |
| RPC Endpoint Mapper Service | CVE-2025-26679 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | Wysoka |
| System Center | CVE-2025-27743 | Microsoft System Center Elevation of Privilege Vulnerability | Wysoka |
| Visual Studio | CVE-2025-29802 | Visual Studio Elevation of Privilege Vulnerability | Wysoka |
| Visual Studio | CVE-2025-29804 | Visual Studio Elevation of Privilege Vulnerability | Wysoka |
| Visual Studio Code | CVE-2025-20570 | Visual Studio Code Elevation of Privilege Vulnerability | Wysoka |
| Visual Studio Tools for Applications and SQL Server Management Studio | CVE-2025-29803 | Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability | Wysoka |
| Windows Active Directory Certificate Services | CVE-2025-27740 | Active Directory Certificate Services Elevation of Privilege Vulnerability | Wysoka |
| Windows BitLocker | CVE-2025-26637 | BitLocker Security Feature Bypass Vulnerability | Wysoka |
| Windows Bluetooth Service | CVE-2025-27490 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Wysoka |
| Windows Common Log File System Driver | CVE-2025-29824 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Wysoka |
| Windows Cryptographic Services | CVE-2025-29808 | Windows Cryptographic Services Information Disclosure Vulnerability | Wysoka |
| Windows Cryptographic Services | CVE-2025-26641 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Wysoka |
| Windows Defender Application Control (WDAC) | CVE-2025-26678 | Windows Defender Application Control Security Feature Bypass Vulnerability | Wysoka |
| Windows Digital Media | CVE-2025-27730 | Windows Digital Media Elevation of Privilege Vulnerability | Wysoka |
| Windows Digital Media | CVE-2025-27467 | Windows Digital Media Elevation of Privilege Vulnerability | Wysoka |
| Windows Digital Media | CVE-2025-26640 | Windows Digital Media Elevation of Privilege Vulnerability | Wysoka |
| Windows Digital Media | CVE-2025-27476 | Windows Digital Media Elevation of Privilege Vulnerability | Wysoka |
| Windows DWM Core Library | CVE-2025-24074 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Wysoka |
| Windows DWM Core Library | CVE-2025-24073 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Wysoka |
| Windows DWM Core Library | CVE-2025-24058 | Windows DWM Core Library Elevation of Privilege Vulnerability | Wysoka |
| Windows DWM Core Library | CVE-2025-24062 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Wysoka |
| Windows DWM Core Library | CVE-2025-24060 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Wysoka |
| Windows Hello | CVE-2025-26635 | Windows Hello Security Feature Bypass Vulnerability | Wysoka |
| Windows Hello | CVE-2025-26644 | Windows Hello Spoofing Vulnerability | Wysoka |
| Windows HTTP.sys | CVE-2025-27473 | HTTP.sys Denial of Service Vulnerability | Wysoka |
| Windows Hyper-V | CVE-2025-27491 | Windows Hyper-V Remote Code Execution Vulnerability | Krytyczna |
| Windows Installer | CVE-2025-27727 | Windows Installer Elevation of Privilege Vulnerability | Wysoka |
| Windows Kerberos | CVE-2025-26647 | Windows Kerberos Elevation of Privilege Vulnerability | Wysoka |
| Windows Kerberos | CVE-2025-27479 | Kerberos Key Distribution Proxy Service Denial of Service Vulnerability | Wysoka |
| Windows Kerberos | CVE-2025-29809 | Windows Kerberos Security Feature Bypass Vulnerability | Wysoka |
| Windows Kernel | CVE-2025-26648 | Windows Kernel Elevation of Privilege Vulnerability | Wysoka |
| Windows Kernel | CVE-2025-27739 | Windows Kernel Elevation of Privilege Vulnerability | Wysoka |
| Windows Kernel Memory | CVE-2025-29812 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Wysoka |
| Windows Kernel-Mode Drivers | CVE-2025-27728 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Wysoka |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-26673 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Wysoka |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-26663 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | Krytyczna |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-27469 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Wysoka |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-26670 | Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | Krytyczna |
| Windows Local Security Authority (LSA) | CVE-2025-21191 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Wysoka |
| Windows Local Security Authority (LSA) | CVE-2025-27478 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | Wysoka |
| Windows Local Session Manager (LSM) | CVE-2025-26651 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Wysoka |
| Windows Mark of the Web (MOTW) | CVE-2025-27472 | Windows Mark of the Web Security Feature Bypass Vulnerability | Wysoka |
| Windows Media | CVE-2025-26666 | Windows Media Remote Code Execution Vulnerability | Wysoka |
| Windows Media | CVE-2025-26674 | Windows Media Remote Code Execution Vulnerability | Wysoka |
| Windows Mobile Broadband | CVE-2025-29811 | Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | Wysoka |
| Windows NTFS | CVE-2025-27742 | NTFS Information Disclosure Vulnerability | Wysoka |
| Windows NTFS | CVE-2025-21197 | Windows NTFS Information Disclosure Vulnerability | Wysoka |
| Windows NTFS | CVE-2025-27741 | NTFS Elevation of Privilege Vulnerability | Wysoka |
| Windows NTFS | CVE-2025-27483 | NTFS Elevation of Privilege Vulnerability | Wysoka |
| Windows NTFS | CVE-2025-27733 | NTFS Elevation of Privilege Vulnerability | Wysoka |
| Windows Power Dependency Coordinator | CVE-2025-27736 | Windows Power Dependency Coordinator Information Disclosure Vulnerability | Wysoka |
| Windows Remote Desktop Services | CVE-2025-26671 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Wysoka |
| Windows Resilient File System (ReFS) | CVE-2025-27738 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-27474 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-21203 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26668 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26667 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26664 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26672 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26669 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-26676 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Wysoka |
| Windows Secure Channel | CVE-2025-27492 | Windows Secure Channel Elevation of Privilege Vulnerability | Wysoka |
| Windows Secure Channel | CVE-2025-26649 | Windows Secure Channel Elevation of Privilege Vulnerability | Wysoka |
| Windows Security Zone Mapping | CVE-2025-27737 | Windows Security Zone Mapping Security Feature Bypass Vulnerability | Wysoka |
| Windows Shell | CVE-2025-27729 | Windows Shell Remote Code Execution Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-27485 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-27486 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-21174 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-26680 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-27470 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Standards-Based Storage Management Service | CVE-2025-26652 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Wysoka |
| Windows Subsystem for Linux | CVE-2025-26675 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Wysoka |
| Windows TCP/IP | CVE-2025-26686 | Windows TCP/IP Remote Code Execution Vulnerability | Krytyczna |
| Windows Telephony Service | CVE-2025-27481 | Windows Telephony Service Remote Code Execution Vulnerability | Wysoka |
| Windows Telephony Service | CVE-2025-21222 | Windows Telephony Service Remote Code Execution Vulnerability | Wysoka |
| Windows Telephony Service | CVE-2025-21205 | Windows Telephony Service Remote Code Execution Vulnerability | Wysoka |
| Windows Telephony Service | CVE-2025-21221 | Windows Telephony Service Remote Code Execution Vulnerability | Wysoka |
| Windows Telephony Service | CVE-2025-27477 | Windows Telephony Service Remote Code Execution Vulnerability | Wysoka |
| Windows Universal Plug and Play (UPnP) Device Host | CVE-2025-27484 | Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability | Wysoka |
| Windows Update Stack | CVE-2025-21204 | Windows Process Activation Elevation of Privilege Vulnerability | Wysoka |
| Windows Update Stack | CVE-2025-27475 | Windows Update Stack Elevation of Privilege Vulnerability | Wysoka |
| Windows upnphost.dll | CVE-2025-26665 | Windows upnphost.dll Elevation of Privilege Vulnerability | Wysoka |
| Windows USB Print Driver | CVE-2025-26639 | Windows USB Print Driver Elevation of Privilege Vulnerability | Wysoka |
| Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-27735 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | Wysoka |
| Windows Win32K – GRFX | CVE-2025-27732 | Windows Graphics Component Elevation of Privilege Vulnerability | Wysoka |
| Windows Win32K – GRFX | CVE-2025-26687 | Win32k Elevation of Privilege Vulnerability | Wysoka |
| Windows Win32K – GRFX | CVE-2025-26681 | Win32k Elevation of Privilege Vulnerability | Wysoka |
+48 22242 1996
+48 571 207 996
cert@pse.pl 
klucz publiczny