Major Patch Tuesday Update Brings Hundreds of Fixes and Critical Vulnerabilities
83Microsoft’s Patch Tuesday for April is one of the biggest in recent memory. It includes 165 updates that patch around 340 security vulnerabilities across various Microsoft products. Among these are two zero-day flaws, one of which is actively being exploited in the wild. This means Windows admins will need to act quickly to keep systems protected.
What You Need to Know About the Updates
The April release covers a wide range of products including Windows, Office, Microsoft Edge (Chromium), SQL Server, and developer tools like .NET. The Microsoft Readiness team is strongly recommending that organizations prioritize applying these patches immediately for most major platforms. They even created an infographic to help visualize the deployment risks associated with each product, making it easier for IT teams to plan their updates.
One notable aspect of this release is the inclusion of a zero-day vulnerability in Microsoft Office, which is already being exploited by attackers. This highlights the importance of applying the patches quickly to prevent potential breaches. Microsoft also announced that Phase 2 of their Kerberos RC4 hardening is underway, with full enforcement scheduled for July. This is part of their ongoing efforts to enhance security protocols across their environments.
Known Issues and Fixes
There is a known issue specific to Windows 11 25H2. Devices with BitLocker enabled and certain Group Policy settings may be prompted for a recovery key on the first restart after installing the update. Microsoft recommends removing the specific Group Policy setting and running a command to refresh policies before updating to avoid this problem.
Luckily, Microsoft has already addressed several issues with the latest update. KB5083769, for instance, fixes problems related to device reset failures, Secure Boot certificate updates, SMB compression over QUIC, and Remote Desktop security prompts. These fixes improve device recovery options, enhance security transparency, and ensure more reliable remote connections.
Although there are no major revisions announced for Windows or Office this month, updates to Azure and Microsoft Edge are significant. Microsoft documented four critical vulnerabilities in Azure that don’t require user action. Additionally, they re-published dozens of security fixes from Chrome’s upstream updates, which Microsoft then incorporated into Edge. Over the past 30 days, 145 CVEs affected Edge, emphasizing the importance of keeping browsers up to date.
Overall, this Patch Tuesday marks a busy month for IT teams. With so many fixes and vulnerabilities patched, organizations need to review their update plans carefully. Staying on top of these patches is crucial to maintaining security and system stability across all Microsoft products.
What do you think?
It is nice to know your opinion. Leave a comment.