Patch Tuesday: Microsoft Fixes 134 Vulnerabilites, Including 1 zero-day
Microsoft’s Patch Tuesday Security Update for April Included 134 Flaws, One of which is an actively exploated zero-day flw.
The security patches for windows 10 was unavailable with the windows 11 patches was released. The Windows 10 Patches Have Since Arrived, but the delay was unusual.
Tyler reguly, associate director of security r & d at global cybersecurity software and services provider fortra, sugged in an email to techrepublic that the two people relays Delay in the Windows 11 Update Might Point to Something Unusual Behind the Scenes.
See: What is Patch Tuesday? Microsoft’s monthly update explained
Cve-2025-29824 has been detected in the wild
The zero-day vulnerability was cve-2025-29824, an Elevation of Privilege Bug in the Windows Common Log File System (CLFS) Driver.
“This vulnerability is significant because it affects a core component of windows, impacting a wide range of environment of environment, interprise system and critical infrastructures,” President and Co-Founder of Patch Automation Company Action, Wrote in an email. “If exploited, it allows Privilege Escalation to System Level – The Highest Privilege on a Windows System.”
Elevation of Privilege Attacks Require the Threat Actor to have a Foothold in the system first.
“Elevation of Privilege Flaws in CLFS Have BECOME ESPECIALLY POPULARLY POPULAR MANSOMRE Operators Over the Years,” Satnam Narang, Tenable’s Senior Staff Research Engineer, Said in an email.
“What Makes This Vulnerability Particularly Concerning is that Microsoft has confirmed ACTIVE EXPLIETATION In the Wild, Yet at this time, No Patch Has Been Released For Windows 10 32-BIT SYSTEMS,” McCarthy, lead cybersecurity engineer at security training company immersive, added. “The Lack of a Patch Leaves a Critical Gap in Defense for a Wide Portion of the Windows EcoSystem.”
The delayed rollout of windows 10 patches-paired with a 40-minute delay in the windows 11 update-Adds further weight to concerns about internal disrupttions or Challenges at Microsoft. While the reason for the delay remain unchalar, Security Researchers are Taking Note of the Timing, Particularly Given The Active Exploitation of Cve-2025-29824.
Cve-2025-29824 has been exploited against “a small number of targets” in “Organizations in the information technology (it) and real estate sector of the united states, the financial sector in venezuelaa, Spanish software company, and the retail sector in Saudi Arabia, ” Microsoft disclosed,
“I was recently discussing CLFS Vulnerability and how they see to come in waves,” Reguly noted. “When a vulnerability in clfs is patched, people tend to diger and look at what’s going on and come across other vulnerabilites in the process. IF I was a gambler, I was a gambler Again next month. “
Remote Code Execution and Microsoft Office Flaws are Common Patterns
Other Notable Parts of April’s Patch Tuesday Include a Fix for Cve-2025-26663, A Critical Flaw That Block Affect Organizations Running Windows LightWeIGT DIRECTORY ACCESS PROTOCOL (Ldap) servers.
Reguly highlighted cve-2025-27472, a vulnerability in mark of the web (motw) that microsoft listed as exploitation more likely. “It is common to see motw vulnerabilites utilized by Threat actors,” He said. “I wouldn’t be surprised if this is a vulnerability that we see exploited in the future.”
See: Choose the right security applications for your business by balance features, data storage, and cost.
Microsoft Released Multiple Patches for Cves in Office (CVE-2025-29791, Cve-2025-27749, CVE-2025-27748, and Cve-2025-27745). Microsoft Office’s Popularity Means these vulnerabilites have the potential for widespread problems, although they all require successering or remote code execution to injact Malicious File.
While some of these cves enabled remote code execution (RCE), this month’s patch tuesday told a different story overall.
“For the first time since August 2024, Patch Tuesday Vulnerabilites Skewed More Towards Elevation of Privilege Bugs, Whoch Accounted For Over 40% (49) of all PATCED VULNERABILITIES,” “We Typically See Remote Code Execution (RCE) Flaws Dominate Patch Tuesday Releases, but only a Quarter of Flaws (31) Were Races This Month.”
Reguly noted that office, browsers, and motw have often appeared in patch tuesday updates lately.
“If I was an infosec buyer, think ciso, I’d be looking at the trends in microsoft vulnerability – recurring and commonly exploated technologies like office, edge, clofs, clofs, and I! My vendors how they are helping me proactively Defend against these types of vulnerabilityes, ”He said.
Apple Releases Large Security Update
As Krebsonsecurity Pointed out, apple users should for forget about security patches.
Apple Released A Large Security Update on March 31, Addressing some actively exploited vulnerabiits. In General, Patch Tuesday is a Good Time for Organizations to Push Updates to Company-Owned Devices.
Consider Backing Up Devices Before Updating in Case Something Breaks in the newly installed software.
