Microsoft security alert.
April 8, 2025
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 115 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Internet Explorer Cumulative Security Update (KB5055515) for April 2025
- Severity
- Critical 4
- Qualys ID
- 100423
- Vendor Reference
- KB5055515
- CVE Reference
- CVE-2025-27737
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
Internet Explorer is a web browser developed by Microsoft that is included on Microsoft Windows operating systems.
Microsoft has released KB5055515 for Internet Explorer 11 and 9.
Affected Versions:
Internet Explorer 11 on Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2012.
Internet Explorer 11 on Windows Server 2008.
Internet Explorer 9 for Windows Server 2008
QID Detection Logic:
This authenticated QID detects vulnerable systems based on the file version reported by "mshtml.dll".
- Consequence
-
Successful exploitation allows an unauthenticated, remote attacker to bypass security restrictions and gain access to sensitive information on a targeted system.
- Solution
-
Customers are advised to review KB5055515 for more information pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5055515
-
Microsoft SharePoint Server Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 110491
- Vendor Reference
- KB5002680, KB5002682, KB5002691, KB5002705
- CVE Reference
- CVE-2025-26642, CVE-2025-27746, CVE-2025-27747, CVE-2025-29793, CVE-2025-29794, CVE-2025-29820
- CVSS Scores
- Base 10 / Temporal 7.4
- Description
-
Microsoft has released the April 2025 security update to fix Remote Code Execution vulnerabilities in SharePoint Server versions 2016, 2019, and SharePoint Subscription Edition.
This security update contains the following KBs:
KB5002682
KB5002680
KB5002691
KB5002705
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft SharePoint via the Windows Registry. Below is the mapping of the Filename, patched version, and KB details checked for each applicable Product:
WSSSETUP.DLL - 16.0.5495.1002 (KB5002682)
ONETUTIL.DLL - 16.0.10417.20003 (KB5002680, KB5002691)
mssmsg.dll - 16.0.18526.20172 (KB5002705)
- Consequence
-
Vulnerable SharePoint may be prone to Remote Code Execution Vulnerabilities.
- Solution
-
Customers are advised to refer to the below Article:
CVE-2025-26642,
CVE-2025-29820,
CVE-2025-29794,
CVE-2025-29793,
CVE-2025-27747, and
CVE-2025-27746 for more information regarding the vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-26642
CVE-2025-27746
CVE-2025-27747
CVE-2025-29793
CVE-2025-29794
CVE-2025-29820
-
Microsoft Office Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 110492
- Vendor Reference
- KB4484432, KB5002573, KB5002588, KB5002622, KB5002669, KB5002699, KB5002700, KB5002701, KB5002702, KB5002703, KB5002704, Office Click-2-Run and Office 365 Release Notes, Office Release Notes for Mac
- CVE Reference
- CVE-2025-26642, CVE-2025-27744, CVE-2025-27745, CVE-2025-27746, CVE-2025-27747, CVE-2025-27748, CVE-2025-27749, CVE-2025-27750, CVE-2025-27751, CVE-2025-27752, CVE-2025-29791, CVE-2025-29792, CVE-2025-29816, CVE-2025-29820, CVE-2025-29822, CVE-2025-29823
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released Office Security Updates for April 2025 to fix Security Feature Bypass, Remote Code Execution, Elevation of Privilege vulnerabilities.
This security update contains the following:
KB5002702
KB5002700
KB5002573
KB5002701
KB5002588
KB5002703
KB5002704
KB5002699
KB5002622
KB4484432
KB5002669
Office Release Notes for Mac and
Office Click-2-Run and Office 365 Release Notes
QID Detection Logic (Authenticated):
Operating System: Windows
The detection extracts the Install Path for Microsoft Office via the Windows Registry. The QID checks the file version of "graph.exe" to identify vulnerable versions of Microsoft Office.
Operating System: MacOS
This QID checks for the vulnerable versions of affected Office Applications.
- Consequence
-
Vulnerable products may be prone to Security Feature Bypass, Remote Code Execution, Elevation of Privilege Vulnerabilities.
- Solution
-
Customers are advised to refer to these Article(s):
CVE-2025-29816,
CVE-2025-26642,
CVE-2025-27749,
CVE-2025-29823,
CVE-2025-29822,
CVE-2025-29820,
CVE-2025-29792,
CVE-2025-29791,
CVE-2025-27750,
CVE-2025-27752,
CVE-2025-27751,
CVE-2025-27747,
CVE-2025-27748,
CVE-2025-27746,
CVE-2025-27745, and
CVE-2025-27744 for more information regarding these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-26642
CVE-2025-27744
CVE-2025-27745
CVE-2025-27746
CVE-2025-27747
CVE-2025-27748
CVE-2025-27749
CVE-2025-27750
CVE-2025-27751
CVE-2025-27752
CVE-2025-29791
CVE-2025-29792
CVE-2025-29816
CVE-2025-29820
CVE-2025-29822
CVE-2025-29823
-
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability for April 2025
- Severity
- Critical 4
- Qualys ID
- 383057
- Vendor Reference
- CVE-2025-29800, CVE-2025-29801
- CVE Reference
- CVE-2025-29800, CVE-2025-29801
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
An elevation of privilege vulnerability exists in the Microsoft AutoUpdate (MAU) application for Mac that could allow an attacker to perform commands as Root in the target environment.
Affected Software:
Microsoft AutoUpdate for Mac version prior to 4.78
QID Detection Logic (Authenticated):
The authenticated check looks for installed Mac packages.
- Consequence
-
An attacker who successfully exploits this vulnerability could gain Root privileges in the target environment.
- Solution
-
The vendor has released a patch to address this vulnerability. Please refer to the articles CVE-2025-29800 and CVE-2025-29801 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-29800
CVE-2025-29801
-
Microsoft Visual Studio Code Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 383058
- Vendor Reference
- CVE-2025-20570
- CVE Reference
- CVE-2025-20570
- CVSS Scores
- Base 4.3 / Temporal 3.2
- Description
-
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop and is available for Windows, macOS and Linux.
Affected Versions:
Visual Studio Code prior to version 1.99.0
QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of Visual Studio Code.
- Consequence
-
Vulnerable versions of Visual Studio may allow an attacker to gain elevated privileges.
- Solution
-
Customers are advised to refer to:
CVE-2025-20570 for further patch details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-20570
-
Microsoft Windows Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 92234
- Vendor Reference
- KB5055518, KB5055519, KB5055521, KB5055523, KB5055528
- CVE Reference
- CVE-2025-21174, CVE-2025-21191, CVE-2025-21197, CVE-2025-21203, CVE-2025-21204, CVE-2025-21205, CVE-2025-21221, CVE-2025-21222, CVE-2025-24058, CVE-2025-24060, CVE-2025-24062, CVE-2025-24073, CVE-2025-24074, CVE-2025-26635, CVE-2025-26637, CVE-2025-26639, CVE-2025-26640, CVE-2025-26641, CVE-2025-26644, CVE-2025-26647, CVE-2025-26648, CVE-2025-26649, CVE-2025-26651, CVE-2025-26652, CVE-2025-26663, CVE-2025-26664, CVE-2025-26665, CVE-2025-26666, CVE-2025-26667, CVE-2025-26668, CVE-2025-26669, CVE-2025-26670, CVE-2025-26671, CVE-2025-26672, CVE-2025-26673, CVE-2025-26674, CVE-2025-26675, CVE-2025-26676, CVE-2025-26678, CVE-2025-26679, CVE-2025-26680, CVE-2025-26681, CVE-2025-26686, CVE-2025-26687, CVE-2025-26688, CVE-2025-27467, CVE-2025-27469, CVE-2025-27470, CVE-2025-27471, CVE-2025-27473, CVE-2025-27474, CVE-2025-27475, CVE-2025-27476, CVE-2025-27477, CVE-2025-27478, CVE-2025-27479, CVE-2025-27480, CVE-2025-27481, CVE-2025-27482, CVE-2025-27483, CVE-2025-27484, CVE-2025-27485, CVE-2025-27486, CVE-2025-27487, CVE-2025-27490, CVE-2025-27491, CVE-2025-27492, CVE-2025-27727, CVE-2025-27728, CVE-2025-27729, CVE-2025-27730, CVE-2025-27731, CVE-2025-27732, CVE-2025-27733, CVE-2025-27735, CVE-2025-27736, CVE-2025-27737, CVE-2025-27738, CVE-2025-27739, CVE-2025-27740, CVE-2025-27741, CVE-2025-27742, CVE-2025-29809, CVE-2025-29810, CVE-2025-29811, CVE-2025-29812, CVE-2025-29824
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft Windows Security Update for April 2025
KB5055518
KB5055519
KB5055528
KB5055521
KB5055523
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5055518
KB5055519
KB5055528
KB5055521
KB5055523
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5055518
KB5055519
KB5055521
KB5055523
KB5055528
-
Microsoft Windows Server Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 92235
- Vendor Reference
- KB5055519, KB5055521, KB5055523, KB5055526, KB5055527, KB5055557, KB5055561, KB5055570, KB5055581, KB5055596, KB5055609
- CVE Reference
- CVE-2025-21174, CVE-2025-21191, CVE-2025-21197, CVE-2025-21203, CVE-2025-21204, CVE-2025-21205, CVE-2025-21221, CVE-2025-21222, CVE-2025-24058, CVE-2025-24060, CVE-2025-24062, CVE-2025-24073, CVE-2025-24074, CVE-2025-26635, CVE-2025-26637, CVE-2025-26639, CVE-2025-26640, CVE-2025-26641, CVE-2025-26644, CVE-2025-26647, CVE-2025-26648, CVE-2025-26649, CVE-2025-26651, CVE-2025-26652, CVE-2025-26663, CVE-2025-26664, CVE-2025-26665, CVE-2025-26666, CVE-2025-26667, CVE-2025-26668, CVE-2025-26669, CVE-2025-26670, CVE-2025-26671, CVE-2025-26672, CVE-2025-26673, CVE-2025-26674, CVE-2025-26675, CVE-2025-26676, CVE-2025-26678, CVE-2025-26679, CVE-2025-26680, CVE-2025-26681, CVE-2025-26686, CVE-2025-26687, CVE-2025-26688, CVE-2025-27467, CVE-2025-27469, CVE-2025-27470, CVE-2025-27471, CVE-2025-27472, CVE-2025-27473, CVE-2025-27474, CVE-2025-27475, CVE-2025-27476, CVE-2025-27477, CVE-2025-27478, CVE-2025-27479, CVE-2025-27480, CVE-2025-27481, CVE-2025-27482, CVE-2025-27483, CVE-2025-27484, CVE-2025-27485, CVE-2025-27486, CVE-2025-27487, CVE-2025-27490, CVE-2025-27491, CVE-2025-27492, CVE-2025-27727, CVE-2025-27728, CVE-2025-27729, CVE-2025-27730, CVE-2025-27731, CVE-2025-27732, CVE-2025-27733, CVE-2025-27735, CVE-2025-27736, CVE-2025-27737, CVE-2025-27738, CVE-2025-27739, CVE-2025-27740, CVE-2025-27741, CVE-2025-27742, CVE-2025-29808, CVE-2025-29809, CVE-2025-29810, CVE-2025-29811, CVE-2025-29812, CVE-2025-29824
- CVSS Scores
- Base 5.4 / Temporal 4
- Description
-
Microsoft Windows Server Security Update for April 2025
KB5055557
KB5055609
KB5055527
KB5055521
KB5055561
KB5055526
KB5055596
KB5055519
KB5055570
KB5055581
KB5055523
QID Detection Logic (Authenticated):
This QID checks for the file version of 'ntoskrnl.exe'.
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
-
Customers are advised to refer to the following articles for more information on the vulnerabilities and patches.
KB5055557
KB5055609
KB5055527
KB5055521
KB5055561
KB5055526
KB5055596
KB5055519
KB5055570
KB5055581
KB5055523
Patches:
The following are links for downloading patches to fix these vulnerabilities:
KB5055519
KB5055521
KB5055523
KB5055526
KB5055527
KB5055557
KB5055561
KB5055570
KB5055581
KB5055596
KB5055609
-
Microsoft Dynamics Business Central Information Disclosure Vulnerability for April 2025
- Severity
- Serious 3
- Qualys ID
- 92236
- Vendor Reference
- CVE-2025-29821
- CVE Reference
- CVE-2025-29821
- CVSS Scores
- Base 6.5 / Temporal 4.8
- Description
-
Microsoft Dynamics 365 Business Central is an enterprise resource planning system from Microsoft. The product is part of the Microsoft Dynamics family, and shares the same codebase as NAV.
Affected Software:
Microsoft Dynamics 365 Business Central 2025 Wave 1 - Update 26.0
Microsoft Dynamics 365 Business Central 2024 Wave 2 - Update 25.6
Microsoft Dynamics 365 Business Central 2023 Wave 2 - Update 23.18
Microsoft Dynamics 365 Business Central Wave 1 2024 - Update 24.12
QID Detection Logic (Authenticated):
This authenticated QID flags vulnerable systems by detecting vulnerable versions of the file Microsoft.Dynamics.Nav.Server.exe.
- Consequence
-
Improper input validation in Dynamics Business Central could allow an authorized attacker to disclose information locally.
- Solution
-
Customers are advised to refer to CVE-2025-29821 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-29821
-
Microsoft ASP.NET Core Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 92237
- Vendor Reference
- CVE-2025-26682
- CVE Reference
- CVE-2025-26682
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
Microsoft has released February 2024 security updates for .NET Core and ASP.NET Core to fix multiple security vulnerabilities.
Affected versions:
ASP.NET Core and .NET Core 9.0 before version 9.0.4
ASP.NET Core and .NET Core 8.0 before version 8.0.15
QID Detection Logic: Authenticated
On Windows, this QID detects vulnerable versions of Microsoft .NET by checking the file version.
On Linux, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" and "/root/shared/Microsoft.NETCore.App" folders.
On Mac, this QID detects vulnerable versions of Microsoft .NET by checking the .NET version present in "/usr/share/dotnet/shared/Microsoft.NETCore.App/" folder.
- Consequence
- Weak authentication in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
- Solution
-
Customers are advised to refer to CVE-2025-26682 for more information on the vulnerability and its patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-26682
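Added example (not Qualys's detection code): a POSIX shell version of the Linux/Mac check described for QID 92237, listing the runtime version folders under the paths named above and comparing each with the fixed versions 9.0.4 and 8.0.15. The function names are illustrative, and treating a pre-release folder such as 9.0.0-rc.1 as its base version is an assumption.

```shell
#!/bin/sh
# Added example: flag .NET shared-runtime folders older than the fixed
# versions given in this advisory (9.0.4 and 8.0.15).

# Print the first fixed patch number for a major.minor branch, or nothing
# if the advisory does not cover that branch.
fixed_patch_for() {
    case "$1" in
        9.0) echo 4 ;;
        8.0) echo 15 ;;
    esac
}

# Print "vulnerable", "patched" or "not-covered" for one version string.
check_runtime_version() {
    ver=${1%%-*}                      # assumption: 9.0.0-rc.1 counts as 9.0.0
    case "$ver" in
        ''|.*|*.|*[!0-9.]*) echo not-covered; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                       # split into major, minor, patch
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo not-covered; return 0; }
    fixed=$(fixed_patch_for "$1.$2")
    [ -n "$fixed" ] || { echo not-covered; return 0; }
    if [ "$3" -lt "$fixed" ]; then echo vulnerable; else echo patched; fi
}

# Print "<folder> <status>" for every version folder under a runtime directory.
scan_dotnet_dir() {
    dir=$1
    [ -d "$dir" ] || return 0         # runtime not installed at this path
    for path in "$dir"/*/; do
        [ -d "$path" ] || continue
        name=$(basename "$path")
        echo "$name $(check_runtime_version "$name")"
    done
}

# Count the vulnerable runtime folders under a directory.
count_vulnerable() {
    scan_dotnet_dir "$1" | grep -c ' vulnerable$' || true
}

# Paths taken from the detection logic in this advisory.
for d in /usr/share/dotnet/shared/Microsoft.NETCore.App \
         /root/shared/Microsoft.NETCore.App; do
    scan_dotnet_dir "$d"
done
```

Side-by-side runtimes are reported individually, so a host with both 8.0.14 and 8.0.15 installed still shows the older folder as vulnerable.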
-
Visual Studio Tools for Applications (VSTA) Elevation of Privilege Vulnerability
- Severity
- Critical 4
- Qualys ID
- 92239
- Vendor Reference
- CVE-2025-29803
- CVE Reference
- CVE-2025-29803
- CVSS Scores
- Base 6.8 / Temporal 5
- Description
-
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29803 is a vulnerability affecting a Microsoft component due to improper input validation that exposes systems to remote exploitation. The flaw allows attackers to send carefully crafted requests causing parsing errors and triggering arbitrary code execution within the vulnerable process.
QID Detection Logic (Authenticated):
VSTA 2022: This checks for a vulnerable version of the file Microsoft.VisualStudio.Tools.Applications.dll before 17.0.35906.1
VSTA 2019: This checks for a vulnerable version of the file VstaComObjectAggregator.dll before 16.0.35907.1
- Consequence
- An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.
- Solution
-
Customers are advised to refer to CVE-2025-29803 for more information on the vulnerability and its patch.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-29803
-
Microsoft Visual Studio Security Update for April 2025
- Severity
- Serious 3
- Qualys ID
- 92241
- Vendor Reference
- CVE-2025-26682, CVE-2025-29802, CVE-2025-29804
- CVE Reference
- CVE-2025-26682, CVE-2025-29802, CVE-2025-29804
- CVSS Scores
- Base 3.6 / Temporal 2.7
- Description
-
Microsoft has released February 2025 security updates for Visual Studio to fix Remote Code Execution and Elevation of Privilege vulnerabilities.
Affected Versions:
Microsoft Visual Studio 2022 version 17.13 prior to 17.13.6
Microsoft Visual Studio 2022 version 17.12 prior to 17.12.7
Microsoft Visual Studio 2022 version 17.10 prior to 17.10.13
Microsoft Visual Studio 2022 version 17.8 prior to 17.8.20
QID Detection Logic (Authenticated):
Windows
This QID detects vulnerable versions of Microsoft Visual Studio by checking the registry key HKLM\SOFTWARE\Microsoft and file devenv.exe to check the version of the Visual Studio.
- Consequence
-
Successful exploitation of this vulnerability requires an attacker to exploit vulnerabilities to gain elevated privileges.
- Solution
-
Customers are advised to refer to CVE-2025-26682, CVE-2025-29802, CVE-2025-29804 for more information on these vulnerabilities and their patches.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
CVE-2025-29802
-
Microsoft Windows 10 (1507) Security Update for April 2025
- Severity
- Critical 4
- Qualys ID
- 92242
- Vendor Reference
- CVE-2025-21191, CVE-2025-21197, CVE-2025-21204, CVE-2025-21205, CVE-2025-21221, CVE-2025-21222, CVE-2025-24073, CVE-2025-26637, CVE-2025-26641, CVE-2025-26648, CVE-2025-26663, CVE-2025-26665, CVE-2025-26668, CVE-2025-26669, CVE-2025-26670, CVE-2025-26672, CVE-2025-26673, CVE-2025-26679, CVE-2025-26686, CVE-2025-26687, CVE-2025-26688, CVE-2025-27469, CVE-2025-27471, CVE-2025-27472, CVE-2025-27473, CVE-2025-27477, CVE-2025-27478, CVE-2025-27481, CVE-2025-27483, CVE-2025-27484, CVE-2025-27487, CVE-2025-27491, CVE-2025-27727, CVE-2025-27732, CVE-2025-27733, CVE-2025-27735, CVE-2025-27737, CVE-2025-27738, CVE-2025-27741, CVE-2025-27742, CVE-2025-29809, CVE-2025-29810, CVE-2025-29824
- CVE Reference
- CVE-2025-21191, CVE-2025-21197, CVE-2025-21204, CVE-2025-21205, CVE-2025-21221, CVE-2025-21222, CVE-2025-24073, CVE-2025-26637, CVE-2025-26641, CVE-2025-26648, CVE-2025-26663, CVE-2025-26665, CVE-2025-26668, CVE-2025-26669, CVE-2025-26670, CVE-2025-26672, CVE-2025-26673, CVE-2025-26679, CVE-2025-26686, CVE-2025-26687, CVE-2025-26688, CVE-2025-27469, CVE-2025-27471, CVE-2025-27472, CVE-2025-27473, CVE-2025-27477, CVE-2025-27478, CVE-2025-27481, CVE-2025-27483, CVE-2025-27484, CVE-2025-27487, CVE-2025-27491, CVE-2025-27727, CVE-2025-27732, CVE-2025-27733, CVE-2025-27735, CVE-2025-27737, CVE-2025-27738, CVE-2025-27741, CVE-2025-27742, CVE-2025-29809, CVE-2025-29810, CVE-2025-29824
- CVSS Scores
- Base 4.6 / Temporal 3.9
- Description
- Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are impacted
- Consequence
- Successful exploitation of this vulnerability could lead to a security breach or may affect integrity, availability, and confidentiality.
- Solution
- The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems is not immediately available as per Windows 10
These new vulnerability checks are included in Qualys vulnerability signature 2.6.293-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 100423
- 110491
- 110492
- 383057
- 383058
- 92234
- 92235
- 92236
- 92237
- 92239
- 92241
- 92242
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.