Microsoft Monthly Security Updates - 20250409001

Overview

Microsoft has released security updates to address 126 vulnerabilities in multiple products, 1 of which have been labeled as exploitation detected.

What is vulnerable?

Known Exploitation

Product(s) Affected	CVE	CVSS	Severity
Vendor listed products and versions	CVE-2025-21391	7.8	High

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours for internet facing devices and one month for others (refer Patch Management):

• Microsoft: https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

Additional References

• CISA Known Exploited Vulnerabilities: https://www.cisa.gov/news-events/alerts/2025/04/08/cisa-adds-two-known-exploited-vulnerabilities-catalog

• BleepingComputer: https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/