Microsoft’s Latest Patch Tuesday Fixes 134 Security Vulnerabilities
Microsoft released the April 2025 Patch Tuesday update, which fixes 134 malicious bugs in its systems, including one zero-day exploit. Windows and Microsoft users should ensure that their devices have the latest patches.
April 2025 Update Tuesday Updates.
One of the vulnerabilities patched this month was a zero-day vulnerability, which is used or publicly disclosed before developers release an official patch.
The active exploit, designated CVE-2025-29824, is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The vulnerability, discovered by the Microsoft Threat Intelligence Center, allowed local attackers to gain system privileges. According to Bleeping Computer , this zero day was exploited by the RansomEXX ransomware gang.
Microsoft has released a patch for Windows Server and Windows 11 and plans to notify users about security updates for Windows 10 for 64-bit systems and Windows 10 for 32-bit systems.
The April update fixes 49 privilege escalation bugs, nine security feature bypass bugs, 31 remote code execution bugs, 17 information disclosure bugs, 14 denial of service bugs, and three spoofing bugs.
Eleven remote code execution vulnerabilities were classified as “critical” and were found in Microsoft Office, Microsoft Office Excel, Remote Desktop Gateway Service, Windows Hyper-V, Windows LDAP and Windows TCP/IP. This month, Microsoft also released fixes for vulnerabilities in Mariner and 13 Microsoft Edge bugs.
What Microsoft users need to do
Security updates for Windows and Microsoft are usually downloaded and installed automatically, but you can check the status of your computer by going to Start > Settings > Windows Update and selecting Check for Windows Updates. Patch Tuesday patches are released on the second Tuesday of every month at 10 a.m. PT, so now is a good time to make sure your system is up to date.