Microsoft Patch Tuesday: 134 Vulnerabilities Fixed, Zero-Day CVE-2025-29824 Addressed
Do Son 
As part of its April Patch Tuesday update, Microsoft has addressed 134 vulnerabilities, including a critical zero-day flaw that had already been actively exploited in the wild. The majority of the patches target privilege escalation and remote code execution issues, underscoring their vital importance to both corporate and governmental infrastructure.
Of the total fixes, 11 were classified as critical, all pertaining to remote code execution vulnerabilities. These flaws potentially allow attackers to execute arbitrary code on targeted devices without physical access, thereby warranting immediate remediation.
The breakdown of vulnerabilities is as follows: 49 relate to privilege escalation, 9 to security feature bypass, 31 to remote code execution, 17 to information disclosure, 14 to denial-of-service, and 3 to spoofing. Notably, this count excludes previously patched vulnerabilities in the Microsoft Edge browser and the Mariner operating system.
One vulnerability in particular—CVE-2025-29824—commands special attention. Actively exploited prior to being patched, it has been designated as a zero-day. Found in the Windows Common Log File System driver, this flaw allowed a local attacker to escalate privileges to SYSTEM level on a vulnerable machine. The RansomEXX ransomware group is known to have leveraged this vulnerability in live attacks to gain control of targeted systems.
Microsoft has stated that patches for this vulnerability are currently available only for Windows Server and Windows 11, with Windows 10 fixes still under development. The company has promised to notify users of their release via updates to the CVE description.
The vulnerability was analyzed by experts from the Microsoft Threat Intelligence Center, who closely monitor cybercriminal activity and respond swiftly to zero-day threats. According to their findings, prompt detection and investigation were instrumental in containing the threat before it could proliferate widely.
In addition to the security fixes, Microsoft has also released cumulative updates—KB5055523 and KB5055528 for Windows 11, and KB5055518 for Windows 10—that bring system stability and performance enhancements. However, these updates do not include any security patches and are distributed separately.
Windows users are strongly advised to install all available updates without delay, particularly those running Windows 11 or server editions. In an era of rising ransomware threats and privilege escalation attacks, timely patching remains a cornerstone of cyber resilience.
