April 2025 Patch Tuesday: Microsoft addressed 126 vulnerabilities, including 1 actively exploited in the wild

Microsoft has rolled out its April 2025 Patch Tuesday updates, addressing critical security risks across its software ecosystem. The update resolves 126 vulnerabilities which includes 1 that it said has been actively exploited in the wild. The patches aim to strengthen defenses against potential cyberattacks. Users are advised to update immediately.
On Patch Tuesday, 08 April 2025 Microsoft has released fixes for 126 flaws including 1 which is actively exploited and also 9 non-Microsoft CVEs.
The major categories for these vulnerabilities are as follows:
● Elevation of Privilege – 49
● Security Feature Bypass – 09
● Denial of Service – 14
● Remote Code Execution (RCE)- 34
● Information Disclosure – 17
● Spoofing – 3
Of the vulnerabilities addressed this month, approximately 26% were related to Remote Code Execution, while 38.8% were related to Elevation of Privilege.
Vulnerability that has been flagged as under active attack is an elevation of privilege (EoP) flaw impacting the Windows Common Log File System (CLFS) Driver is CVE-2025-29824.
Some other critical vulnerabilities patched this month include a security feature bypass (SFB) issue in Windows Kerberos (CVE-2025-29809), along with remote code execution vulnerabilities in Windows Remote Desktop Services (CVE-2025-27480, CVE-2025-27482) and Windows Lightweight Directory Access Protocol (CVE-2025-26663, CVE-2025-26670).
9 non-Microsoft CVEs are:
● CVE-2025-3066
● CVE-2025-3067
● CVE-2025-3068
● CVE-2025-3069
● CVE-2025-3070
● CVE-2025-3071
● CVE-2025-3072
● CVE-2025-3073
● CVE-2025-3074

All the above-mentioned CVEs are related to Chromium based vulnerabilities (Microsoft Edge).

Apart from Microsoft few other vendors have also provided fixes:
Adobe: Adobe released updates for applications including Adobe Photoshop, ColdFusion, FrameMaker and Animate.

Apple: Apple released updates for Apple Watch Series 6 and later.

Cisco: Cisco released updates for its products including Cisco Smart Licensing Utility and Cisco NX-OS Software Image.

Google: Google has released updates to patch vulnerabilities in Google Cloud.

Ivanti: Ivanti released updates for its products including Ivanti Endpoint Manager,  Ivanti Connect Secure, Policy Secure & ZTA Gateways

SAP: SAP released updates for multiple products including SAP S/4HANA and SAP Financial Consolidation.

Here are 10 essential pieces of advice for users regarding Microsoft’s April 2025 Patch Tuesday updates:

1. Update Immediately: Install the April 2025 Patch Tuesday updates as soon as possible. Microsoft has addressed four zero-day vulnerabilities that are actively exploited in the wild, so prompt action will minimize risk.
2. Prioritize Critical Systems: If managing a large IT environment, prioritize updating critical systems such as Windows servers and workstations first, especially those exposed to external networks, to quickly bolster key defenses.
3. Use Microsoft Update Tools: Ensure that automatic updates are enabled in Windows Update for personal devices, and consider using centralized tools like Windows Server Update Services (WSUS) or Microsoft Endpoint Configuration Manager for enterprise environments.
4. Secure Edge and Office Applications: Make sure to update Microsoft Edge and Office applications, as some of the vulnerabilities affect these programs. Keeping them updated helps protect against potential threats targeting popular productivity tools.
5. Patch All Network-Exposed Devices: Network-exposed devices are particularly vulnerable to attacks. Make sure to patch any device connected to the internet or other untrusted networks, including endpoints and remote machines.
6. Disable Workarounds Where Applicable: If any previous workarounds or temporary mitigations were applied to address vulnerabilities, review and disable them after applying the patches to ensure software functionality returns to normal.
7. Educate Users on Phishing and Social Engineering: The patch addresses vulnerabilities that could be exploited via malicious links or attachments. Reinforce user education on avoiding suspicious emails, links, and attachments.
8. Monitor for Anomalous Activity: Since these vulnerabilities have been actively exploited, monitor logs and endpoint activity for unusual behavior that might indicate attempted exploitation or malware activity.
9. Backup Critical Data: Ensure that recent backups of important data are available and secure. While this is a general best practice, it is especially critical during periods of heightened vulnerability due to zero-day risks.
10. Review Microsoft’s Security Documentation: Microsoft often provides technical details on vulnerabilities and affected systems in their security bulletins. Review these documents to fully understand the patches’ scope and any additional steps required in your environment.