For April, A Large ‘dynamic’ Patch Tuesday Release

IT admins will beryllium engaged this month: nan latest spot update from Microsoft includes 126 fixes, including 1 for an exploited Windows flaw and 5 captious patches for Office.

This month’s Patch Tuesday merchandise is ample (126 patches), wide and unluckily very dynamic, pinch respective re-releases, missing files and surgery patches affecting some nan Windows and Office platforms. 

Reports of an exploited Windows vulnerability (CVE-2025-29824) lead to a “Patch Now” proposal for Windows — and nan Office updates will require contiguous testing and immoderate clip to guarantee each patches are coming and correct. Fortunately, SQL Server updates impact only nan SQL Server Management Studio application. Both nan browser and improvement instrumentality patches tin beryllium deployed connected a modular merchandise schedule. 

To help, the Readiness team crafted this useful infographic detailing nan risks associated pinch each of nan updates for this cycle. (And here’s a look astatine the last six months of Patch Tuesday releases.)

Known issues 

This Patch Tuesday merchandise includes galore updates addressing issues (aka problems) created by nan March spot update. In summation to our modular Windows known issues, we besides person Microsoft Office issues to address, including:

• Microsoft Word, Microsoft Excel, and Microsoft Outlook mightiness extremity responding aft you instal the KB5002700 information update for Office 2016. This rumor is fixed successful nan update for Office 2016 (KB5002623).
• Citrix (System Guard Runtime Monitor Broker Service) The Windows Event Viewer mightiness show an correction related to SgrmBroker.exe connected devices that installed Windows updates released Jan. 14, 2025 aliases later. Microsoft has not published a hole yet, though location are several registry keys that tin beryllium added to nan target strategy to mitigate nan issue.
• Microsoft Active Directory: Audit Logon/Logoff events successful nan section argumentation of nan Active Directory Group Policy mightiness not show arsenic enabled — moreover if they are enabled and working. Microsoft is moving connected a resolution; mitigating actions tin beryllium recovered successful this Microsoft bulletin (KB5055519).
• Windows Hello. Microsoft has reported what is described arsenic an separator case: “After installing this update and performing a Push fastener reset aliases Reset this PC from Settings > System > Recovery and selecting Keep my Files and Local install, immoderate users mightiness beryllium incapable to login to their Windows services utilizing Windows Hello facial nickname aliases PIN.”

Microsoft advises that systems pinch Secure Launch or DRTM enabled anterior to this update, aliases those pinch these features disabled, are not affected.

Major revisions and mitigations

This is simply a immense week for delayed patches (Windows 10) and existent changes to Microsoft updates that require further attention.

The pursuing Microsoft CVE entries person archiving updates only:

• CVE-2025-21204 : Windows Process Activation Elevation of Privilege Vulnerability
• CVE-2025-26647 : Windows Kerberos Elevation of Privilege Vulnerability
• CVE-2025-27740: Active Directory Certificate Elevation of Privilege Vulnerability

The pursuing 2 updates person documented mitigations that mightiness thief pinch their deployments:

• CVE-2025-26647: Windows Kerberos Elevation of Privilege Vulnerability. Microsoft is concerned that non-valid input validation successful Windows Kerberos could let an unauthorized attacker to elevate privileges complete a network. While nary circumstantial mitigations person been offered, Microsoft recommended you travel the Update, Monitor and Act methodology for each Kerberos implementations.

• CVE-2025-21197: Windows NTFS Information Disclosure Vulnerability. This is Microsoft’s 2nd effort successful addressing this record strategy vulnerability. Unfortunately, location whitethorn beryllium unexpected app compatibility issues pinch this latest change. You tin find much accusation connected nan imaginable effect and really to enable/disable it here: KB5058189.

These updates whitethorn require attraction arsenic they subordinate to grounded installs and missing files:

• CVE-2025-27745: Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-27747: Microsoft Word Remote Code Execution Vulnerability
• CVE-2025-27748: Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-27749: Microsoft Office Remote Code Execution Vulnerability
• CVE-2025-27752: Microsoft Excel Remote Code Execution Vulnerability
• CVE-2025-29791: Microsoft Excel Remote Code Execution Vulnerability
• CVE-2025-29792: Microsoft Office Elevation of Privilege Vulnerability
• CVE-2025-29793: Microsoft SharePoint Remote Code Execution Vulnerability
• CVE-2025-29794: Microsoft SharePoint Remote Code Execution Vulnerability
• CVE-2025-29820: Microsoft Word Remote Code Execution Vulnerability

That is so a batch of patches to review; nan Readiness squad recommends reference nan latest spot guidance for them here: KB5002700. 

Windows lifecycle and enforcement updates

Microsoft did not people immoderate enforcement updates for April, but nan pursuing Microsoft products are nearing their end-of-service life cycles:

• Windows 11 Enterprise (Home, Education and IoT) Version 22H2 reaches extremity of support connected Oct. 14, 2025.
• Windows Server Annual Channel, Version 23H2 reaches extremity of work connected Oct. 24, 2025

For those who were expecting nan Microsoft virtualization technology App-V to expire past April, this now aging exertion has had its servicing and support extended to April 2026. Microsoft has promised not to deprecate nan App-V sequencer (like ever), which makes maine smile.

The squad astatine Readiness has analyzed nan latest Patch Tuesday updates and provides detailed, actionable testing guidancevbased connected a ample exertion portfolio and a broad study of nan patches and their imaginable effect connected Windows and app deployments.

This month’s merchandise brings broad, but non-disruptive, changes crossed nan Windows platform. While location are nary functional changes reported, this update rhythm touches captious components crossed security, networking, media, and halfway strategy services. 

Here’s what endeavor IT teams and testers request to look retired for.

Security and authentication

Several updates target halfway personality and authentication components, peculiarly lsasrv.dll, ci.dll, and skci.dll. These underpin scenarios involving Windows Hello, PIN logins, and certificate services. Even though branded debased risk, these areas are foundational and request other attraction successful testing:

• Windows Defender Application Control (WDAC): Validate AppID tagging and argumentation updates post-reboot.
• LSASS (Local Security Authority Subsystem Service): Test authentication crossed AAD, AD, and workgroups. Use devices for illustration runas.exe and corroborate nary regressions in NTLM, Kerberos, aliases certificate-based flows.
• BitLocker and VBS Security: Windows Hello and VPN connections should activity uninterrupted. Reboot testing is basal to drawback imaginable bootloader integrity issues.

Networking and distant access

This merchandise includes updates to aggregate RRAS-related DLLs (ipmontr.dll, ipsnap.dll, mprapi.dll), netbt.sys, and tcpip.sys, each of which underpin Windows’ networking stack.

• RRAS and Netsh: Validate distant configuration and scripting scenarios. Commands for illustration netsh interface and MMC snap-ins must execute without issues.
• NetBIOS Controls: Non-admin users successful nan Network Configuration Operators group should only impact allowed scopes. Test firewall rules and registry protection.
• HTTP.sys and Web Services: Host soul web services and simulate browser-based postulation to corroborate accordant consequence behaviour nether load.

Remote desktop and virtualization

Remote Desktop Protocol (RDP) support remains a high-impact area and will require validation pinch nan pursuing testing recommendations:

• Remote Desktop Gateway (RDGW): Confirm cross-user connections, convention persistence (reconnects, logins), and stableness crossed Windows Server editions.
• Virtualization pinch VHDs: Validate NTFS volume mount/dismount from VHDs. Create, attach, and manipulate VHD-based virtual disks pinch record I/O operations.

Media, graphics and UI

Multimedia and UI components received respective under-the-hood updates. These don’t adhd features, but immoderate instability present tin impact nan personification experience.

• Graphics Stack: Run screen-sharing and seizure scenarios. WinUI apps utilizing animation shadows should behave consistently.
• Media Foundation: Playback tests connected Blu-ray contented pinch subtitles are needed. Check for regressions successful rendering.
• Gaming Tools: Use nan Game Bar (Win+G) to trial screenshots and recordings during gameplay connected Windows 11. Microsoft recommends that you instal respective (at slightest three) games to afloat trial retired this graphics stack change. We ne'er had it truthful good.

File strategy and storage

This month’s patches impact really Windows record systems respond to directory alteration notifications and equine events. Be judge to:

• Simulate NTFS events: Monitor record creation/deletion successful Explorer-style interfaces.
• Reboot & Remount: Mount VHDs, execute record operations, past reboot to guarantee persistence and information integrity.

Given nan ample number of security-related changes to Windows this month, nan Readiness squad recommends nan pursuing wide testing (in summation to nan earlier recommendations) utilizing some strategy and user-based accounts:

• Basic authentication scenarios utilizing passwords, PIN, and biometrics successful a workgroup, AD and AAD environment
• Digital authorities guidance applications (third-party and Microsoft)
• SMB and IIS access that requires certificate-based authentication.
• Line-of-business applications that trust connected HTTPS to guarantee they’re still accessible. 

When moving done these scenarios, look for representation leaks and processor spikes successful nan kernel.

Each month, we break down nan update rhythm into merchandise families (as defined by Microsoft) pinch nan pursuing basal groupings: 

• Browsers (Microsoft IE and Edge) 
• Microsoft Windows (both desktop and server) 
• Microsoft Office
• Microsoft Exchange and SQL Server 
• Microsoft Developer Tools (Visual Studio and .NET)
• Adobe (if you get this far) 

Browsers

We person much patches for nan Microsoft browser (Edge) level than accustomed this period — nary are rated captious for April arsenic each 13 (nine of them related to Chromium) are tagged arsenic important. All of these low-profile changes tin beryllium added to your modular merchandise calendar.

Microsoft Windows

This is simply a large period for Windows updates, arsenic Microsoft published six captious updates and 85 patches rated important. The captious patches screen nan pursuing characteristic groups wrong nan Microsoft Windows platform:

• Windows Lightweight Directory Access Protocol (LDAP) Windows TCP/IP Remote Code Execution Vulnerability
• Windows Remote Desktop Services
• Windows Hyper-V 

Unfortunately, location are reports of exploits of a halfway strategy constituent vulnerability (CVE-2025-29824) that requires a “Patch Now” recommendation.

Microsoft Office

The existent attraction of this month’s deployments should beryllium Office, pinch 5 captious (CVE-2025-27745, CVE-2025-27748, CVE-2025-27749, CVE-2025-27752 and CVE-2025-29791) patches. In summation to these, location are different 16 updates rated important by Microsoft. Unfortunately, location person been reports of missing files, downloading issues and surgery updates. The Readiness squad suggests that testing commencement immediately, pinch staged spot deployments (noting that further changes mightiness get complete nan coming days).

Microsoft Exchange and SQL Server

We get 1 update (CVE-2025-29803) that affects nan SQL Server platform. This spot updates Microsoft’s SQL Server Management Studio (and Visual Studio), not SQL Server itself. So, nan server squad gets a reprieve. Add this spot to your modular developer merchandise schedule.

Developer tools

Microsoft released 5 patches (CVE-2025-29803, CVE-2025-29802, CVE-2025-29804, CVE-2025-20570, CVE-2025-26682) each affecting Microsoft Visual Studio and ASP.NET Core. As application-level changes, these patches tin beryllium deployed pinch your modular developer merchandise schedule.

Adobe (and third-party updates)

We are backmost connected way again, pinch nary Microsoft updates for Adobe products. That said, Microsoft published 9 Chromium updates, each of which are included successful nan Browser conception above.