Article Details
Scrape Timestamp (UTC): 2025-04-08 17:57:59.313
Original Article Text
Click to Toggle View
Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws. Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also fixes eleven "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: The above numbers do not include Mariner flaws and 13 Microsoft Edge vulnerabilities fixed earlier this month. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5055523 & KB5055528 cumulative updates and the Windows 10 KB5055518 update. One actively exploited zero-days This month's Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available. The actively exploited zero-day vulnerability in today's updates is: CVE-2025-29824 - Windows Common Log File System Driver Elevation of Privilege Vulnerability Microsoft says this vulnerability allows local attackers to gain SYSTEM privileges on the device/ The security updates are only available now for Windows Server and Windows 11, with Microsoft releasing the Windows 10 updates later. "The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available," explained Microsoft. "The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information." It is unclear how the flaw was exploited in attacks. Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center. Recent updates from other companies Other vendors who released updates or advisories in April 2025 include: The April 2025 Patch Tuesday Security Updates Below is the complete list of resolved vulnerabilities in the April 2025 Patch Tuesday updates. To access the full description of each vulnerability and the systems it affects, you can view the full report here. Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Daily Brief Summary
This month's Microsoft Patch Tuesday has resolved 134 security vulnerabilities, including one zero-day that was actively exploited.
The zero-day flaw, identified as CVE-2025-29824, could allow attackers to elevate privileges to SYSTEM level.
The updates this April include fixes for eleven critical vulnerabilities, specifically targeting remote code execution risks.
Security patches are currently available for Windows Server and Windows 11, with updates for Windows 10 to be released shortly.
The vulnerabilities addressed span various aspects, but full details and affected system specifics can be found in the full Microsoft report.
The discovery of the exploited zero-day was credited to the Microsoft Threat Intelligence Center.
Alongside its regular patch release, Microsoft also disclosed earlier fixes involving Mariner and Microsoft Edge earlier in the month.