Microsoft April 2025 Patch Tuesday: Fixing 121 Vulnerabilities, Including a Critical Zero-Day

Microsoft has rolled out its April 2025 Patch Tuesday update, addressing 121 security vulnerabilities across its software ecosystem.

This comprehensive update includes fixes for critical issues such as the elevation of privilege, remote code execution, and information disclosure vulnerabilities.

Among the patched flaws is a zero-day vulnerability actively exploited in the wild, underscoring the urgency for users and administrators to apply the updates promptly.

Breakdown of Vulnerabilities

The 121 vulnerabilities span multiple categories, with several classified as critical due to their potential to compromise systems or disrupt operations. Below is a detailed breakdown:

• Elevation of Privilege: 49 vulnerabilities
• Remote Code Execution: 31 vulnerabilities
• Information Disclosure: 16 vulnerabilities
• Denial of Service: 14 vulnerabilities
• Security Feature Bypass: 9 vulnerabilities
• Spoofing: 1 vulnerability
• Zero-Day Exploit: 1 vulnerability

The Zero-Day Vulnerability: CVE-2025-29824

The most concerning issue in this update is CVE-2025-29824, a zero-day vulnerability actively exploited prior to the release.

This elevation of privilege ...