Windows April 2025 Patch Released

Published on 9 April 2025 at 08:09

Microsoft April 2025 Patch Tuesday: Fixes for 134 security vulnerabilities, with one exploited Zero-Day

On April 8, 2025, Microsoft released its monthly security updates, addressing a total of 134 vulnerabilities across various products. This comprehensive update includes fixes for 11 critical issues and one zero-day vulnerability that has been actively exploited. 

Zero-Day Vulnerability

The most notable fix in this release is for CVE-2025-29824, a use-after-free vulnerability in the Windows Common Log File System (CLFS). This flaw could allow attackers to gain SYSTEM privileges on affected systems and has been actively exploited in the wild. 

Critical Vulnerabilities

Among the 11 critical vulnerabilities addressed, the majority are remote code execution (RCE) flaws. These vulnerabilities pose significant risks as they could enable attackers to execute arbitrary code remotely on vulnerable systems. 

Product-Specific Updates

For Windows 11 users, cumulative updates KB5055523 and KB5055528 have been released for versions 24H2 and 23H2, respectively. These updates address security vulnerabilities and include various improvements. 

Additionally, on Copilot+ PCs, the April 2025 Patch Tuesday update introduces a new AI-powered Windows Search experience, along with enhancements to the Voice Access and Live Captions features. 

Recommendations

Given the severity of the vulnerabilities addressed, especially the actively exploited zero-day, it is strongly recommended that users and system administrators prioritize applying these updates to safeguard their systems against potential threats.

For a comprehensive list of all addressed vulnerabilities and their details, refer to Microsoft's Security Update Guide. 

https://msrc.microsoft.com/update-guide

 
