Patch Tuesday fixes an exploited bug, but not for Windows 10

Patch Tuesday has brought a wave of updates from Microsoft, addressing a total of over 120 vulnerabilities, including one actively exploited flaw and 11 critical issues. Notably, the most pressing concern is CVE-2025-29824, an elevation of privilege (EoP) vulnerability in the Windows Common Log File System Driver, which is currently being targeted by a group identified as Storm-2460. This group is leveraging the flaw to deploy ransomware known as PipeMagic, with victims reported in the US, Spain, Venezuela, and Saudi Arabia.

This particular vulnerability, rated at 7.8 on the CVSS scale, allows attackers to escalate their privileges to system level due to a use-after-free flaw. While patches for Windows Server and Windows 11 have been rolled out, Windows 10 users are still awaiting a fix. Microsoft has assured that updates for Windows 10 will be released promptly, with notifications sent to customers once available.

Interestingly, this month’s patch cycle has seen a trend where many patches do not yet cover Windows 10, raising questions about the operating system’s impending end of life. Microsoft has been approached for clarification regarding the release timeline and the underlying issues affecting Windows 10.

Among the critical vulnerabilities addressed this month, all allow for remote code execution (RCE). Three of these flaws impact Office applications, while others target Excel, LDAP, and Remote Desktop services. A summary of the most significant vulnerabilities is detailed below:

<th class="header textcenter borderright border_left”>CVE

<th class="header textcenter borderright”>Title

<th class="header textcenter borderright”>Severity

<th class="header textcenter borderright”>CVSS

<th class="header textcenter borderright”>Public

<th class="header textcenter borderright”>Exploited

<th class="header textcenter borderright”>Type

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-29824

<td class="textcenter borderright border_bottom”>Windows Common Log File System Driver Elevation of Privilege Vulnerability

<td class="textcenter borderright border_bottom”>Important

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>Yes

<td class="textcenter borderright border_bottom”>EoP

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-26670

<td class="textcenter borderright border_bottom”>Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>8.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27752

<td class="textcenter borderright border_bottom”>Microsoft Excel Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-29791

<td class="textcenter borderright border_bottom”>Microsoft Excel Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27745

<td class="textcenter borderright border_bottom”>Microsoft Office Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27748

<td class="textcenter borderright border_bottom”>Microsoft Office Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27749

<td class="textcenter borderright border_bottom”>Microsoft Office Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.8

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27491

<td class="textcenter borderright border_bottom”>Windows Hyper-V Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-26663

<td class="textcenter borderright border_bottom”>Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>8.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27480

<td class="textcenter borderright border_bottom”>Windows Remote Desktop Services Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>8.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-27482

<td class="textcenter borderright border_bottom”>Windows Remote Desktop Services Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>8.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-26686

<td class="textcenter borderright border_bottom”>Windows TCP/IP Remote Code Execution Vulnerability

<td class="textcenter borderright border_bottom”>Critical

<td class="textcenter borderright border_bottom”>7.5

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>RCE

<td class="textcenter borderright borderbottom borderleft”>CVE-2025-29809

<td class="textcenter borderright border_bottom”>Windows Kerberos Security Feature Bypass Vulnerability
(NB: Further administrative actions are required to fully address the vulnerability)

<td class="textcenter borderright border_bottom”>Important

<td class="textcenter borderright border_bottom”>7.1

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>No

<td class="textcenter borderright border_bottom”>SFB

Dustin Childs from ZDI highlighted that CVE-2025-29809 necessitates additional measures beyond standard patching to mitigate risks associated with Kerberos credential leakage. For those utilizing virtualization-based security, it is crucial to consult the relevant documentation and update policies accordingly.

Furthermore, vulnerabilities CVE-2025-26663 and CVE-2025-26670 present wormable risks, emphasizing the need for swift testing and deployment of updates, particularly for networks that may expose LDAP services. The Remote Desktop Protocol (RDP) vulnerabilities, CVE-2025-27480 and CVE-2025-27482, also carry similar risks, urging immediate action to either patch or restrict access to trusted networks.

Adobe, AMD Issues

In parallel, Adobe has released over 50 fixes this month, addressing vulnerabilities across a range of products including Cold Fusion, After Effects, and Photoshop. The company has classified some of the issues in Cold Fusion as critical and has urged users to prioritize these updates, despite the absence of evidence indicating active exploitation.

Meanwhile, AMD has updated several advisories concerning vulnerabilities related to GPU access, SMM vulnerabilities, and various Ryzen AI software issues. These advisories provide additional mitigations and information for users with affected products, ensuring that security remains a top priority in the tech landscape.