پشتیبانی 24/7 :

031-36691964 | 021-88203003

جستجو

انتشار آپدیت امنیتی ماه آپریل 2025 مایکروسافت و رفع  134 آسیب پذیری

تیتر مطالب

آپدیت امنیتی ماه آپریل 2025  مایکروسافت منتشر شد، در این به روز رسانی 134 آسیب پذیری که یک مورد از آنها Zero-day است، رفع شده است.
در بین آسیب پذیری های رفع شده، 11 آسیب پذیری حیاتی و اجرای کد از راه دور نیز وجود داشته است. لیست آسیب پذیری ها در هر دسته به شرح زیر است:

  • 49 Elevation of Privilege Vulnerabilities
  • 9 Security Feature Bypass Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 17 Information Disclosure Vulnerabilities
  • 14 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

یک آسیب پذیری Zero-day فعال

این آسیب پذیری به شماره CVE-2025-29824 تنها آسیب پذیری رفع شده در لیست آپدیت ماه آپریل مایکروسافت است.

CVE-2025-29824 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

به گفته مایکروسافت با استفاده از این آسیب پذیری مهاجم می تواند به مجوزهای SYSTEM دست یابد. در حال حاضر آپدیت های امنیتی این آسیب پذیری تنها برای ویندوز سرور و ویندوز 11 در دسترس قرار گرفته و آپدیت برای ویندوز 10 بعدا منتشر خواهد شد. وصله برای ویندوز 10 به زودی منتشر خواهد شد و زمانی که در دسترس قرار بگیرد، کاربران از آن مطلع می شوند.

آپدیت های اخیر سایر شرکت ها

  • Apache fixed a maximum severity RCE flaw in Apache Parquet.
  • Apple backported fixes for actively exploited flaws to older devices.
  • Google released security updates for 62 Android vulnerabilities, including two zero-days exploited in targeted attacks.
  • Ivanti released its April security updates as well as a fix earlier this month to patch a critical Connect Secure remote code execution flaw exploited by Chinese threat actors.
  • Fortinet released security updates for numerous products, including a critical flaw that allows attackers to change admin passwords in FortiSwitch.
  • Mikrotek released security updates as part of its April 2025 security bulletin.
  • Minio released security updates for an “incomplete signature validation for unsigned-trailer uploads” flaw, urging users to upgrade ASAP.
  • SAP releases security updates for multiple products, including three critical flaws.
  • WinRAR disclosed a flaw that prevented Mark of the Web updates from propagating to extracted files.

لیست کامل آپدیت امنیتی ماه  آپریل 2025 مایکروسافت

TagCVE IDCVE TitleSeverity
Active Directory Domain ServicesCVE-2025-29810Active Directory Domain Services Elevation of Privilege VulnerabilityImportant
ASP.NET CoreCVE-2025-26682ASP.NET Core and Visual Studio Denial of Service VulnerabilityImportant
Azure LocalCVE-2025-27489Azure Local Elevation of Privilege VulnerabilityImportant
Azure Local ClusterCVE-2025-26628Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Local ClusterCVE-2025-25002Azure Local Cluster Information Disclosure VulnerabilityImportant
Azure Portal Windows Admin CenterCVE-2025-29819Windows Admin Center in Azure Portal Information Disclosure VulnerabilityImportant
Dynamics Business CentralCVE-2025-29821Microsoft Dynamics Business Central Information Disclosure VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29800Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-29801Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-3073Chromium: CVE-2025-3073 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2025-3068Chromium: CVE-2025-3068 Inappropriate implementation in IntentsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3074Chromium: CVE-2025-3074 Inappropriate implementation in DownloadsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3067Chromium: CVE-2025-3067 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3071Chromium: CVE-2025-3071 Inappropriate implementation in NavigationsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3072Chromium: CVE-2025-3072 Inappropriate implementation in Custom TabsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3070Chromium: CVE-2025-3070 Insufficient validation of untrusted input in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-3069Chromium: CVE-2025-3069 Inappropriate implementation in ExtensionsUnknown
Microsoft Edge (Chromium-based)CVE-2025-25000Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-29815Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2025-25001Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft Edge (Chromium-based)CVE-2025-3066Chromium: CVE-2025-3066 Use after free in NavigationsUnknown
Microsoft Edge for iOSCVE-2025-29796Microsoft Edge for iOS Spoofing VulnerabilityLow
Microsoft OfficeCVE-2025-27745Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27744Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-26642Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-29792Microsoft Office Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2025-29791Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27748Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-27746Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2025-27749Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2025-27751Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27750Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-29823Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-27752Microsoft Excel Remote Code Execution VulnerabilityCritical
Microsoft Office OneNoteCVE-2025-29822Microsoft OneNote Security Feature Bypass VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29794Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-29793Microsoft SharePoint Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-27747Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-29816Microsoft Word Security Feature Bypass VulnerabilityImportant
Microsoft Office WordCVE-2025-29820Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Streaming ServiceCVE-2025-27471Microsoft Streaming Service Denial of Service VulnerabilityImportant
Microsoft Virtual Hard DriveCVE-2025-26688Microsoft Virtual Hard Disk Elevation of Privilege VulnerabilityImportant
OpenSSH for WindowsCVE-2025-27731Microsoft OpenSSH for Windows Elevation of Privilege VulnerabilityImportant
Outlook for AndroidCVE-2025-29805Outlook for Android Information Disclosure VulnerabilityImportant
Remote Desktop ClientCVE-2025-27487Remote Desktop Client Remote Code Execution VulnerabilityImportant
Remote Desktop Gateway ServiceCVE-2025-27482Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
Remote Desktop Gateway ServiceCVE-2025-27480Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
RPC Endpoint Mapper ServiceCVE-2025-26679RPC Endpoint Mapper Service Elevation of Privilege VulnerabilityImportant
System CenterCVE-2025-27743Microsoft System Center Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29802Visual Studio Elevation of Privilege VulnerabilityImportant
Visual StudioCVE-2025-29804Visual Studio Elevation of Privilege VulnerabilityImportant
Visual Studio CodeCVE-2025-20570Visual Studio Code Elevation of Privilege VulnerabilityImportant
Visual Studio Tools for Applications and SQL Server Management StudioCVE-2025-29803Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege VulnerabilityImportant
Windows Active Directory Certificate ServicesCVE-2025-27740Active Directory Certificate Services Elevation of Privilege VulnerabilityImportant
Windows BitLockerCVE-2025-26637BitLocker Security Feature Bypass VulnerabilityImportant
Windows Bluetooth ServiceCVE-2025-27490Windows Bluetooth Service Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-29824Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-29808Windows Cryptographic Services Information Disclosure VulnerabilityImportant
Windows Cryptographic ServicesCVE-2025-26641Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityImportant
Windows Defender Application Control (WDAC)CVE-2025-26678Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Windows Digital MediaCVE-2025-27730Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27467Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-26640Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows Digital MediaCVE-2025-27476Windows Digital Media Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24074Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24073Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24058Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24062Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-24060Microsoft DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows HelloCVE-2025-26635Windows Hello Security Feature Bypass VulnerabilityImportant
Windows HelloCVE-2025-26644Windows Hello Spoofing VulnerabilityImportant
Windows HTTP.sysCVE-2025-27473HTTP.sys Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2025-27491Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows InstallerCVE-2025-27727Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-26647Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2025-27479Kerberos Key Distribution Proxy Service Denial of Service VulnerabilityImportant
Windows KerberosCVE-2025-29809Windows Kerberos Security Feature Bypass VulnerabilityImportant
Windows KernelCVE-2025-26648Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-27739Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel MemoryCVE-2025-29812DirectX Graphics Kernel Elevation of Privilege VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2025-27728Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26673Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26663Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution VulnerabilityCritical
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-27469Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
Windows LDAP – Lightweight Directory Access ProtocolCVE-2025-26670Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityCritical
Windows Local Security Authority (LSA)CVE-2025-21191Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2025-27478Windows Local Security Authority (LSA) Elevation of Privilege VulnerabilityImportant
Windows Local Session Manager (LSM)CVE-2025-26651Windows Local Session Manager (LSM) Denial of Service VulnerabilityImportant
Windows Mark of the Web (MOTW)CVE-2025-27472Windows Mark of the Web Security Feature Bypass VulnerabilityImportant
Windows MediaCVE-2025-26666Windows Media Remote Code Execution VulnerabilityImportant
Windows MediaCVE-2025-26674Windows Media Remote Code Execution VulnerabilityImportant
Windows Mobile BroadbandCVE-2025-29811Windows Mobile Broadband Driver Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27742NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-21197Windows NTFS Information Disclosure VulnerabilityImportant
Windows NTFSCVE-2025-27741NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27483NTFS Elevation of Privilege VulnerabilityImportant
Windows NTFSCVE-2025-27733NTFS Elevation of Privilege VulnerabilityImportant
Windows Power Dependency CoordinatorCVE-2025-27736Windows Power Dependency Coordinator Information Disclosure VulnerabilityImportant
Windows Remote Desktop ServicesCVE-2025-26671Windows Remote Desktop Services Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2025-27738Windows Resilient File System (ReFS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-27474Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-21203Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26668Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26667Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26664Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26672Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26669Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-26676Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityImportant
Windows Secure ChannelCVE-2025-27492Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Secure ChannelCVE-2025-26649Windows Secure Channel Elevation of Privilege VulnerabilityImportant
Windows Security Zone MappingCVE-2025-27737Windows Security Zone Mapping Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2025-27729Windows Shell Remote Code Execution VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27485Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27486Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-21174Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26680Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-27470Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-26652Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Subsystem for LinuxCVE-2025-26675Windows Subsystem for Linux Elevation of Privilege VulnerabilityImportant
Windows TCP/IPCVE-2025-26686Windows TCP/IP Remote Code Execution VulnerabilityCritical
Windows Telephony ServiceCVE-2025-27481Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21222Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21205Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-21221Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Telephony ServiceCVE-2025-27477Windows Telephony Service Remote Code Execution VulnerabilityImportant
Windows Universal Plug and Play (UPnP) Device HostCVE-2025-27484Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-21204Windows Process Activation Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2025-27475Windows Update Stack Elevation of Privilege VulnerabilityImportant
Windows upnphost.dllCVE-2025-26665Windows upnphost.dll Elevation of Privilege VulnerabilityImportant
Windows USB Print DriverCVE-2025-26639Windows USB Print Driver Elevation of Privilege VulnerabilityImportant
Windows Virtualization-Based Security (VBS) EnclaveCVE-2025-27735Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-27732Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26687Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-26681Win32k Elevation of Privilege VulnerabilityImportant

منبع :

bleepingcomputer.com

شرکت فنی مهندسی ارتباط پانا

از سال ۱۳۸۴ به عنوان شرکتی پیشرو در زمینه “امنیت شبکه” فعالیت خود را آغاز کرد و با اخذ مجوزهای مربوطه و همچنین با بهره گیری از تیمی متخصص و حرفه ای در جایگاه یکی از معتبرترین فعالان این صنعت قرار گرفته است. 

دسترسی سریع

امنیت حرفه ای

عضویت در خبرنامه

شبکه اجتماعی