Microsoft’s April Patch Tuesday Fixes 134 Flaws

April 14, 2025 / meritsolutions

On the second Tuesday of each month, Microsoft releases its “Patch Tuesday” security update for Windows. This patch typically includes a series of security fixes for vulnerabilities discovered since the previous update. For April, Microsoft patched a whopping 134 security flaws, including a zero-day actively exploited in the wild.

As reported by BleepingComputer, the following is a full breakdown, by type, of the security flaws Microsoft addressed with its April Patch Tuesday:

  • 49 Elevation of Privilege Vulnerabilities
  • 31 Remote Code Execution Vulnerabilities
  • 17 Information Disclosure Vulnerabilities
  • 14 Denial of Service Vulnerabilities
  • 9 Security Feature Bypass Vulnerabilities
  • 3 Spoofing Vulnerabilities

While all of these are important patches in their own right, the most essential of the bunch is CVE-2025-29824. This is an elevation of privilege vulnerability affecting the Windows Common Log File System Driver. By exploiting it, bad actors can gain SYSTEM privileges on your computer. (Microsoft says a fix is not yet available for Windows 10 LTSB 2015, but a patch is in the works.)

What makes this particular elevation of privilege vulnerability so important is that it is a zero-day. Zero-days are security flaws made public or exploited before the developer of the software has a chance to issue a patch. That head start dramatically increases the chances that bad actors can use the flaw to target users. In this case, Microsoft is aware that CVE-2025-29824 has been exploited in the wild, which means it’s imperative to update your machine as soon as possible.

Of course, all of the 134 patches here are important. Even if the others haven’t been exploited at the time of the security patch, it’s only a matter of time before bad actors discover how to exploit them. Then, they can target users who haven’t installed the latest security updates.

To update your PC, go to Start > Settings > Windows Update, then choose “Check for Windows updates.”
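To confirm the update actually landed, the following PowerShell check (an added example, not from Microsoft or BleepingComputer) computes the most recent Patch Tuesday and lists any updates installed on or after that date. The function names are hypothetical, and the date comparison is a heuristic: it shows that something was installed since Patch Tuesday, not which specific fixes it contained.

```powershell
# Added example: has this machine installed any update since the latest Patch Tuesday?
# Function names are illustrative; Get-HotFix is the built-in cmdlet.

function Get-PatchTuesday {
    param([datetime]$Month)
    # Start at the 1st, advance to the first Tuesday, then add a week for the second.
    $day = [datetime]::new($Month.Year, $Month.Month, 1)
    while ($day.DayOfWeek -ne [DayOfWeek]::Tuesday) { $day = $day.AddDays(1) }
    return $day.AddDays(7)
}

function Get-LatestPatchTuesday {
    param([datetime]$Now = (Get-Date))
    # If this month's Patch Tuesday has not happened yet, fall back to last month's.
    $thisMonth = Get-PatchTuesday -Month $Now
    if ($Now.Date -ge $thisMonth) { return $thisMonth }
    return Get-PatchTuesday -Month $Now.AddMonths(-1)
}

function Test-PatchedSince {
    param([datetime]$Since)
    # InstalledOn can be empty for some entries, so filter those out first.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn
    [pscustomobject]@{
        PatchTuesday = $Since.ToString('yyyy-MM-dd')
        Patched      = [bool]$recent
        Updates      = @($recent | Select-Object HotFixID, Description, InstalledOn)
    }
}

$result = Test-PatchedSince -Since (Get-LatestPatchTuesday)
$result | Format-List PatchTuesday, Patched
$result.Updates | Format-Table -AutoSize

if (-not $result.Patched) {
    Write-Warning "No update installed since $($result.PatchTuesday). Run Windows Update."
}
```

Get-HotFix does not list every kind of update, so an empty result is a prompt to check Windows Update history rather than proof the machine is unpatched.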
