Microsoft has released its April 2025 Patch Tuesday update, which brings fixes for 134 different security flaws.

One of these flaws is a serious zero-day vulnerability that hackers have already used in real-world attacks.

Of the 134 bugs fixed this month, 11 are marked as “Critical.” These critical issues mostly involve remote code execution, which means attackers could run harmful code on someone’s computer from a distance.

Here’s a breakdown of the types of bugs fixed in this update:

  • 49 Elevation of Privilege flaws
  • 9 Security Feature Bypass issues
  • 31 Remote Code Execution bugs
  • 17 Information Disclosure flaws
  • 14 Denial of Service vulnerabilities
  • 3 Spoofing vulnerabilities

Please note: These numbers don’t include other issues like Mariner flaws or 13 Microsoft Edge bugs that were fixed earlier in the month.

One Zero-Day Actively Exploited

Microsoft has confirmed that one of the vulnerabilities has already been used in real attacks. This zero-day flaw is identified as CVE-2025-29824 and affects the Windows Common Log File System Driver. Attackers can use it to gain SYSTEM-level privileges, which gives them full control over the targeted computer.

Right now, updates to fix this zero-day are only available for Windows Server and Windows 11. Windows 10 users will have to wait a bit longer.

“The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available,” said Microsoft. “The updates will be released as soon as possible, and when they are available, customers will be notified.”

Later, Microsoft confirmed that the RansomEXX ransomware gang used the zero-day flaw to escalate privileges on systems and carry out attacks. The issue was discovered by the Microsoft Threat Intelligence Center.
