THREAT BRIEF (HIGH): Microsoft’s April 2025 Patch Tuesday

Microsoft has released its April 2025 Patch Tuesday security updates, providing fixes for a total of 126 vulnerabilities, including one actively exploited zero-day vulnerability. Of the patches released, 11 are rated “Critical”, all are remote code execution vulnerabilities.

The actively exploited zero-day vulnerability  can be found below:

CVE-2025-29824 – An important elevation of privilege vulnerability affecting Windows Common Log File System and has a CVSS score of 7.8. This could allow a remote attacker to run arbitrary code on a victim machine after tricking a victim into either opening a malicious file from an email or message, or navigating to an adversary-owned website. Updates for Windows 10 32-bit and x64 systems are pending release.

What should I do?

Microsoft shared more details about how the vulnerability was exploited as a zero-day. The attacks were linked to the RansomEXX ransomware gang, which it tracks as Storm-2460, to gain elevated privileges. The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia,

The complete list of all the other vulnerabilities released for Microsoft’s April 2025 Patch Tuesday update can be found here.

Organizations should review the April 2025 security updates, apply patches to affected systems as soon as possible, and regularly scan the environment to identify systems yet to be patched.

• Patching should focus on the actively exploited vulnerability described above and critical vulnerabilities.
• Reviewing individual CVEs from Microsoft will also provide workarounds/mitigations if immediate patching is not possible.