Summary: Microsoft’s April 2025 Patch Tuesday addresses 134 vulnerabilities, including one actively exploited zero-day and multiple critical flaws that enable remote code execution. The updates are currently available for Windows Server and Windows 11, with Windows 10 updates expected shortly. Affected organizations should prioritize these updates to protect their systems from potential exploits.
Affected: Microsoft (Windows, Microsoft Office, Microsoft Edge, etc.)
Keypoints :
- Includes one actively exploited zero-day: CVE-2025-29824.
- Fixes eleven “Critical” vulnerabilities, all enabling remote code execution.
- Categorized vulnerabilities include 49 Elevation of Privilege, 9 Security Feature Bypass, and 17 Information Disclosure vulnerabilities.
- Updates for Windows 10 to follow shortly after initial releases for Windows 11 and Windows Server.
- Notable updates also released by other vendors such as Apache, Apple, and Google for various security issues.