Microsoft Patch Tuesday April 2025: One Zero-Day, 11 High-Risk Flaws

Summary: April 2025’s Microsoft Patch Tuesday addressed 135 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that has been actively exploited in ransomware attacks. This month’s update marks a decrease in zero-day vulnerabilities reported compared to March and includes several high-risk vulnerabilities, particularly impacting SharePoint and Windows Remote Desktop Services. In total, Microsoft has reported 405 vulnerabilities for the year, with 12 being actively exploited.

Affected: Microsoft and other IT vendors

Key points:

  • Zero-day vulnerability CVE-2025-29824, rated 7.8, allows local privilege escalation.
  • 11 high-risk vulnerabilities range in severity up to 8.8, with significant risks for SharePoint and Windows Remote Desktop Services.
  • Microsoft Patch Tuesday April 2025 features 126 Microsoft vulnerabilities and nine Chrome/Microsoft Edge vulnerabilities.
  • Overall, 405 vulnerabilities have been reported this year, including 12 actively exploited zero-days.
  • Other vendors also issued patches on the same day, the second Tuesday of the month.

Source: https://thecyberexpress.com/microsoft-patch-tuesday-april-2025/