Microsoft on Tuesday shipped fixes to deal with a complete of 78 safety flaws throughout its software program lineup, together with a set of 5 zero-days which have come underneath lively exploitation within the wild.
Of the 78 flaws resolved by the tech big, 11 are rated Essential, 66 are rated Essential, and one is rated Low in severity. Twenty-eight of those vulnerabilities result in distant code execution, 21 of them are privilege escalation bugs, and 16 others are labeled as data disclosure flaws.
The updates are along with eight extra safety defects patched by the corporate in its Chromium-based Edge browser because the launch of final month’s Patch Tuesday replace.
The 5 vulnerabilities which have come underneath lively exploitation within the wild are listed beneath –
- CVE-2025-30397 (CVSS rating: 7.5) – Scripting Engine Reminiscence Corruption Vulnerability
- CVE-2025-30400 (CVSS rating: 7.8) – Microsoft Desktop Window Supervisor (DWM) Core Library Elevation of Privilege Vulnerability
- CVE-2025-32701 (CVSS rating: 7.8) – Home windows Frequent Log File System (CLFS) Driver Elevation of Privilege Vulnerability
- CVE-2025-32706 (CVSS rating: 7.8) – Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability
- CVE-2025-32709 (CVSS rating: 7.8) – Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability
Whereas the primary three flaws have been credited to Microsoft’s personal menace intelligence crew, Benoit Sevens of Google Menace Intelligence Group and the CrowdStrike Superior Analysis Staff have been acknowledged for the invention of CVE-2025-32706. An nameless researcher has been credited with reporting CVE-2025-32709.
“One other zero-day vulnerability has been recognized within the Microsoft Scripting Engine, a key part utilized by Web Explorer and Web Explorer mode in Microsoft Edge,” Alex Vovk, CEO and co-founder of Action1, mentioned about CVE-2025-30397.
“Attackers can exploit the flaw by way of a malicious net web page or script that causes the scripting engine to misread object varieties, leading to reminiscence corruption and arbitrary code execution within the context of the present person. If the person has administrative privileges, attackers may achieve full system management – enabling knowledge theft, malware set up, and lateral motion throughout networks.”
CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized within the wild since 2023. In Could 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky mentioned was utilized in assaults distributing QakBot (aka Qwaking Mantis) malware.
“Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM,” Satnam Narang, senior employees analysis engineer at Tenable, mentioned in an announcement shared with The Hacker Information.
“In reality, the April 2025 launch included fixes for 5 DWM Core Library elevation of privilege vulnerabilities. Previous to CVE-2025-30400, solely two DWM elevation of privilege bugs have been exploited as zero days – CVE-2024-30051 in 2024 and CVE-2023-36033 in 2023.”
CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation flaws to be found within the CLFS part and have been exploited in real-world assaults since 2022. Final month, Microsoft revealed that CVE-2025-29824 was exploited in restricted assaults to focus on firms within the U.S., Venezuela, Spain, and Saudi Arabia.
CVE-2025-29824 can be mentioned to have been exploited as a zero-day by menace actors linked to the Play ransomware household as a part of an assault concentrating on an unnamed group within the U.S., Broadcom-owned Symantec revealed earlier this month.
CVE-2025-32709, likewise, is the third privilege escalation flaw within the Ancillary Perform Driver for WinSock part to have come underneath abuse inside a span of a yr, after CVE-2024-38193 and CVE-2025-21418. It is value noting that the exploitation of CVE-2024-38193 has been attributed to the North Korea-linked Lazarus Group.
The event has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) so as to add all 5 vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring federal companies to use the fixes by June 3, 2025.
Microsoft’s Patch Tuesday replace additionally addresses a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684, CVSS rating: 6.7) that would allow a licensed attacker to raise privileges regionally.
Stratascale researcher Wealthy Mirch, who is without doubt one of the two researchers, acknowledged for reporting the vulnerability, mentioned the problem is rooted in a Python helper script that features a operate (“grab_java_version()”) to find out the Java Runtime Surroundings (JRE) model.
“The operate determines the placement of the Java binary on disk by checking the /proc/
One other notable flaw is a spoofing vulnerability affecting Microsoft Defender for Id (CVE-2025-26685, CVSS rating: 6.5) that enables an attacker with LAN entry to carry out spoofing over an adjoining community.
“The lateral motion path detection function can itself probably be exploited by an adversary to acquire an NTLM hash,” Adam Barnett, lead software program engineer at Rapid7, mentioned in an announcement. “The compromised credentials on this case could be these of the Listing Providers account, and exploitation depends on reaching fallback from Kerberos to NTLM.”
The vulnerability with the maximum-severity is CVE-2025-29813 (CVSS rating: 10.0), a privilege escalation flaw in Azure DevOps Server that enables an unauthorized attacker to raise privileges over a community. Microsoft mentioned the shortcoming has been already deployed within the cloud and there’s no motion required on the a part of prospects.
Software program Patches from Different Distributors
Along with Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —
