Microsoft Patch Tuesday April 2025

This month’s Patch Tuesday has landed, addressing a total of 134 vulnerabilities across its products—including a zero-day vulnerability that is known to be actively exploited in the wild.

Among the fixes are 11 critical issues, all of which could allow remote code execution—a particularly high-risk class of vulnerability where an attacker can run code on a target machine without consent.

Breakdown of the Flaws

The security issues patched this month include:

•    49 Elevation of Privilege vulnerabilities
•    9 Security Feature Bypass flaws
•    31 Remote Code Execution vulnerabilities
•    17 Information Disclosure issues
•    14 Denial of Service vulnerabilities
•    3 Spoofing vulnerabilities

Please note, this total does not include updates previously issued for Microsoft Edge or Mariner.

Zero-Day in the Spotlight

The headline issue this month is CVE-2025-29824, a vulnerability in the Windows Common Log File System Driver. Microsoft has confirmed that this flaw has been exploited by attackers and allows local privilege escalation to SYSTEM level—essentially granting an attacker full control over a compromised machine.

This particular exploit has been linked to the RansomEXX ransomware group, who are known for targeting organisations with high-value extortion demands. The vulnerability was discovered by the Microsoft Threat Intelligence Center, and a fix is now available for Windows Server and Windows 11 users. Updates for Windows 10 are still pending but expected shortly.

Microsoft has acknowledged the delay, stating:

“The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available. Updates will be released as soon as possible, and customers will be notified via a revision to this CVE information."

Security Updates from Across the Industry

Microsoft isn’t the only one patching critical vulnerabilities this month. Here's a quick look at notable updates from other tech vendors in April 2025:

•    Apache addressed a severe RCE issue in Apache Parquet.
•    Apple released patches for previously exploited flaws, extending support to older devices.
•    Google issued fixes for 62 Android vulnerabilities, including two zero-days under active attack.
•    Ivanti patched a critical RCE flaw in Connect Secure, reportedly targeted by Chinese threat actors.
•    Fortinet resolved multiple issues, including one that allowed admin passwords to be reset in FortiSwitch.
•    MikroTik published updates as part of its April bulletin.
•    MinIO urged users to update following a signature validation flaw in trailer uploads.
•    SAP fixed multiple issues, including three critical vulnerabilities across its enterprise products.
•    WinRAR resolved an issue affecting the propagation of security markings on extracted files.

Stay Informed and Secure

Cyber threat actors continue to move quickly, exploiting known vulnerabilities before organisations have a chance to patch. We strongly recommend prioritising these updates—especially the zero-day fix—for systems running Windows 11 and Windows Server.

For those managing Windows 10 environments, keep an eye out for Microsoft's pending patch and apply it as soon as it's available.

If you’d like support with vulnerability management or want to understand how these threats could affect your organisation, get in touch with our team or explore how our platform can help simplify patching and reduce cyber risk.