Create 2025-apr.txt

Bert-JanP · Bert-JanP · commit cbf26cb6cdfe · 2025-04-08T20:17:48.000+02:00
diff --git a/Patch Tuesday/History/2025-apr.txt b/Patch Tuesday/History/2025-apr.txt
@@ -0,0 +1,51 @@
+[+] Microsoft Patch Tuesday Stats
+[+] https://github.com/Immersive-Labs-Sec/msrc-api
+[+] April 2025 Security Updates
+[+] Found a total of 202 vulnerabilities
+  [-] 49 Elevation of Privilege Vulnerabilities
+  [-] 9 Security Feature Bypass Vulnerabilities
+  [-] 31 Remote Code Execution Vulnerabilities
+  [-] 17 Information Disclosure Vulnerabilities
+  [-] 14 Denial of Service Vulnerabilities
+  [-] 3 Spoofing Vulnerabilities
+  [-] 11 Edge - Chromium Vulnerabilities
+[+] Found 1 exploited in the wild
+  [-] CVE-2025-29824 - 7.8 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
+[+] Highest Rated Vulnerabilities
+  [-] CVE-2025-26663 - 8.1 - Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
+  [-] CVE-2025-26669 - 8.8 - Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
+  [-] CVE-2025-27477 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability
+  [-] CVE-2025-27740 - 8.8 - Active Directory Certificate Services Elevation of Privilege Vulnerability
+  [-] CVE-2025-29794 - 8.8 - Microsoft SharePoint Remote Code Execution Vulnerability
+  [-] CVE-2025-21205 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability
+  [-] CVE-2025-21221 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability
+  [-] CVE-2025-21222 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability
+  [-] CVE-2025-25000 - 8.8 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
+  [-] CVE-2025-26647 - 8.1 - Windows Kerberos Elevation of Privilege Vulnerability
+  [-] CVE-2025-26670 - 8.1 - Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
+  [-] CVE-2025-26671 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability
+  [-] CVE-2025-26678 - 8.4 - Windows Defender Application Control Security Feature Bypass Vulnerability
+  [-] CVE-2025-27480 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability
+  [-] CVE-2025-27481 - 8.8 - Windows Telephony Service Remote Code Execution Vulnerability
+  [-] CVE-2025-27482 - 8.1 - Windows Remote Desktop Services Remote Code Execution Vulnerability
+  [-] CVE-2025-27487 - 8.0 - Remote Desktop Client Remote Code Execution Vulnerability
+  [-] CVE-2025-27737 - 8.6 - Windows Security Zone Mapping Security Feature Bypass Vulnerability
+  [-] CVE-2017-17522 - 8.8 - None
+  [-] CVE-2024-3727 - 8.3 - None
+  [-] CVE-2024-21896 - 9.8 - None
+  [-] CVE-2007-4559 - 9.8 - None
+  [-] CVE-2024-52338 - 9.8 - None
+  [-] CVE-2024-45337 - 9.1 - None
+  [-] CVE-2024-7776 - 9.1 - None
+[+] Found 11 vulnerabilites more likely to be exploited
+  [-] CVE-2025-26663 -- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-26663
+  [-] CVE-2025-27472 -- Windows Mark of the Web Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27472
+  [-] CVE-2025-29793 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29793
+  [-] CVE-2025-29792 -- Microsoft Office Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29792
+  [-] CVE-2025-29794 -- Microsoft SharePoint Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29794
+  [-] CVE-2025-26670 -- Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-26670
+  [-] CVE-2025-27480 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27480
+  [-] CVE-2025-27482 -- Windows Remote Desktop Services Remote Code Execution Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27482
+  [-] CVE-2025-27727 -- Windows Installer Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-27727
+  [-] CVE-2025-29809 -- Windows Kerberos Security Feature Bypass Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29809
+  [-] CVE-2025-29812 -- DirectX Graphics Kernel Elevation of Privilege Vulnerability - https://www.cve.org/CVERecord?id=CVE-2025-29812
