May “In the Trend of VM” (#15): vulnerabilities in Microsoft Windows and the Erlang/OTP framework. A traditional monthly vulnerability roundup. 
Post on Habr (rus)
Digest on the PT website (rus)
A total of 4 trending vulnerabilities:
Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-29824) Elevation of Privilege – Windows Process Activation (CVE-2025-21204) Spoofing – Windows NTLM (CVE-2025-24054) Remote Code Execution – Erlang/OTP (CVE-2025-32433)
About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before file access (CWE-59).
On April 14, researcher Elli Shlomo (CYBERDOM) published a write-up and exploit code to gain SYSTEM privileges. On April 27, after reports that the exploit didn’t work, he removed it and promised to revise it. 
Exploitability remains unclear.
On April 22, researcher Kevin Beaumont reported that the fix for this vulnerability, involving the creation of the folder, introduces a new denial-of-service vulnerability. It allows non-admin users to block the installation of Windows security updates. Microsoft responded that they don’t plan to fix it promptly. 
For now, it’s recommended to monitor for malicious activity.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.