Microsoft’s Patch Tuesday safety replace for April included 134 flaws, considered one of which is an actively exploited zero-day flaw.
The safety patches for Home windows 10 have been unavailable when the Home windows 11 patches have been launched. The Home windows 10 patches have since arrived, however the delay was uncommon.
Tyler Reguly, affiliate director of safety R&D at world cybersecurity software program and companies supplier Fortra, instructed in an e-mail to TechRepublic that the 2 separate releases and a 40-minute delay within the Home windows 11 replace may level to one thing uncommon behind the scenes.
SEE: What’s Patch Tuesday? Microsoft’s Month-to-month Replace Defined
CVE-2025-29824 has been detected within the wild
The zero-day vulnerability was CVE-2025-29824, an elevation of privilege bug within the Home windows Frequent Log File System (CLFS) Driver.
“This vulnerability is significant because it affects a core component of Windows, impacting a wide range of environments, including enterprise systems and critical infrastructure,” Mike Walters, president and co-founder of patch automation firm Motion, wrote in an e-mail. “If exploited, it allows privilege escalation to SYSTEM level—the highest privilege on a Windows system.”
Elevation of privilege assaults require the menace actor to have a foothold within the system first.
“Elevation of privilege flaws in CLFS have become especially popular among ransomware operators over the years,” Satnam Narang, Tenable’s senior workers analysis engineer, mentioned in an e-mail.
“What makes this vulnerability particularly concerning is that Microsoft has confirmed active exploitation in the wild, yet at this time, no patch has been released for Windows 10 32-bit or 64-bit systems,” Ben McCarthy, lead cybersecurity engineer at safety coaching firm Immersive, added. “The lack of a patch leaves a critical gap in defense for a wide portion of the Windows ecosystem.”
The delayed rollout of Home windows 10 patches — paired with a 40-minute delay within the Home windows 11 replace — provides additional weight to issues about inner disruptions or challenges at Microsoft. Whereas the explanation for the delay stays unclear, safety researchers are paying attention to the timing, notably given the lively exploitation of CVE-2025-29824.
CVE-2025-29824 has been exploited towards “a small number of targets” in “organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia,” Microsoft disclosed.
“I was recently discussing CLFS vulnerabilities and how they seem to come in waves,” Reguly famous. “When a vulnerability in CLFS is patched, people tend to dig around and look at what’s going on and come across other vulnerabilities in the process. If I was a gambler, I would bet on CLFS appearing again next month.”
Distant code execution and Microsoft Workplace flaws are frequent patterns
Different notable elements of April’s Patch Tuesday embody a repair for CVE-2025-26663, a important flaw that might have an effect on organizations working Home windows Light-weight Listing Entry Protocol (LDAP) servers.
Reguly highlighted CVE-2025-27472, a vulnerability in Mark of the Net (MOTW) that Microsoft listed as Exploitation Extra Possible. “It is common to see MOTW vulnerabilities utilized by threat actors,” he mentioned. “I wouldn’t be surprised if this is a vulnerability that we see exploited in the future.”
SEE: Select the best safety functions for your enterprise by balancing options, knowledge storage, and price.
Microsoft launched a number of patches for CVEs in Workplace (CVE-2025-29791, CVE-2025-27749, CVE-2025-27748, and CVE-2025-27745). Microsoft Workplace’s recognition means these vulnerabilities have the potential for widespread issues, though all of them require profitable social engineering or distant code execution to inject a malicious file.
Whereas a few of these CVEs enabled distant code execution (RCE), this month’s Patch Tuesday advised a unique story general.
“For the first time since August 2024, Patch Tuesday vulnerabilities skewed more towards elevation of privilege bugs, which accounted for over 40% (49) of all patched vulnerabilities,” Narang mentioned. “We typically see remote code execution (RCE) flaws dominate Patch Tuesday releases, but only a quarter of flaws (31) were RCEs this month.”
Reguly famous that Workplace, browsers, and MOTW have typically appeared in Patch Tuesday updates currently.
“If I were an infosec buyer, think CISO, I’d be looking at the trends in Microsoft vulnerabilities – recurring and commonly exploited technologies like Office, Edge, CLFS, and MOTW – and I’d be asking my vendors how they are helping me proactively defend against these types of vulnerabilities,” he mentioned.
Apple releases massive safety replace
As KrebsonSecurity identified, Apple customers shouldn’t neglect about safety patches.
Apple launched a big safety replace on March 31, addressing some actively exploited vulnerabilities. Basically, Patch Tuesday is an efficient time for organizations to push updates to company-owned units.
Contemplate backing up units earlier than updating in case one thing breaks within the newly put in software program.
