At present is Microsoft’s Might 2025 Patch Tuesday, which incorporates safety updates for 72 flaws, together with 5 actively exploited and two publicly disclosed zero-day vulnerabilities.
This Patch Tuesday additionally fixes six “Important” vulnerabilities, 5 being distant code execution vulnerabilities and one other an info disclosure bug.
The variety of bugs in every vulnerability class is listed under:
- 17 Elevation of Privilege Vulnerabilities
- 2 Safety Function Bypass Vulnerabilities
- 28 Distant Code Execution Vulnerabilities
- 15 Info Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This rely doesn’t embody Azure, Dataverse, Mariner, and Microsoft Edge flaws that have been mounted earlier this month.
To study extra in regards to the non-security updates launched right this moment, you possibly can assessment our devoted articles on the Home windows 11 KB5058411 and KB5058405 cumulative updates and the Home windows 10 KB5058379 replace.
5 actively exploited zero-days
This month’s Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whereas no official repair is accessible.
The actively exploited zero-day vulnerability in right this moment’s updates is:
CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft mounted an exploited elevation of privileges vulnerability that provides attackers SYSTEM privileges.
“Use after free in Home windows DWM permits a licensed attacker to raise privileges domestically,” reads the advisory.
Microsoft attributes the invention of this flaw to the Microsoft Risk Intelligence Middle.
CVE-2025-32701 – Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability
Microsoft mounted an exploited elevation of privileges vulnerability that provides attackers SYSTEM privileges.
“Use after free in Home windows Frequent Log File System Driver permits a licensed attacker to raise privileges domestically,” reads the advisory.
Microsoft attributes the invention of this flaw to the Microsoft Risk Intelligence Middle.
CVE-2025-32706 – Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability
Microsoft mounted an exploited elevation of privileges vulnerability that provides attackers SYSTEM privileges.
“Improper enter validation in Home windows Frequent Log File System Driver permits a licensed attacker to raise privileges domestically,” explains the advisory.
Microsoft attributes the invention of this flaw to Benoit Sevens of Google Risk Intelligence Group and the CrowdStrike Superior Analysis Workforce.
CVE-2025-32709 – Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability
Microsoft mounted an exploited elevation of privileges vulnerability that provides attackers SYSTEM privileges.
“Use after free in Home windows Ancillary Perform Driver for WinSock permits a licensed attacker to raise privileges domestically,” explains Microsoft’s advisory.
This flaw was disclosed by an “Nameless” researcher.
CVE-2025-30397 – Scripting Engine Reminiscence Corruption Vulnerability
Microsoft mounted a distant code execution vulnerability that may be exploited via Microsoft Edge or Web Explorer.
“Entry of useful resource utilizing incompatible kind (‘kind confusion’) in Microsoft Scripting Engine permits an unauthorized attacker to execute code over a community,” explains Microsoft.
Microsoft says that risk actors must trick an authenticated consumer into clicking on a specifically crafted hyperlink in Edge or Web Explorer, permitting an unauthenticated attacker to realize distant code execution.
Microsoft attributes the invention of this flaw to the Microsoft Risk Intelligence Middle.
Microsoft has not shared any particulars on how these flaws have been exploited in assaults.
The publicly disclosed zero-days are:
CVE-2025-26685 – Microsoft Defender for Id Spoofing Vulnerability
Microsoft fixes a flaw in Microsoft Defender that enables an unauthenticated assault to spoof one other account.
“Improper authentication in Microsoft Defender for Id permits an unauthorized attacker to carry out spoofing over an adjoining community,” explains Microsoft.
The flaw will be exploited by an unauthenticated attacker with LAN entry.
Microsoft attributes the invention of this flaw to Joshua Murrell with NetSPI.
CVE-2025-32702 – Visible Studio Distant Code Execution Vulnerability
Microsoft mounted a Visible Studio distant code execution flaw that may be exploited by an unauthenticated attacker.
“Improper neutralization of particular parts utilized in a command (‘command injection’) in Visible Studio permits an unauthorized attacker to execute code domestically,” explains Microsoft.
Microsoft has not shared who disclosed this flaw.
Current updates from different corporations
Different distributors who launched updates or advisories in Might 2025 embody:
The Might 2025 Patch Tuesday Safety Updates
Under is the whole checklist of resolved vulnerabilities within the Might 2025 Patch Tuesday updates.
To entry the total description of every vulnerability and the techniques it impacts, you possibly can view the full report right here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET, Visible Studio, and Construct Instruments for Visible Studio | CVE-2025-26646 | .NET, Visible Studio, and Construct Instruments for Visible Studio Spoofing Vulnerability | Necessary |
| Lively Listing Certificates Companies (AD CS) | CVE-2025-29968 | Lively Listing Certificates Companies (AD CS) Denial of Service Vulnerability | Necessary |
| Azure | CVE-2025-33072 | Microsoft msagsfeedback.azurewebsites.internet Info Disclosure Vulnerability | Important |
| Azure | CVE-2025-30387 | Doc Intelligence Studio On-Prem Elevation of Privilege Vulnerability | Necessary |
| Azure Automation | CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability | Important |
| Azure DevOps | CVE-2025-29813 | Azure DevOps Server Elevation of Privilege Vulnerability | Important |
| Azure File Sync | CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Necessary |
| Azure Storage Useful resource Supplier | CVE-2025-29972 | Azure Storage Useful resource Supplier Spoofing Vulnerability | Important |
| Microsoft Brokering File System | CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Necessary |
| Microsoft Dataverse | CVE-2025-47732 | Microsoft Dataverse Distant Code Execution Vulnerability | Important |
| Microsoft Dataverse | CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability | Necessary |
| Microsoft Defender for Endpoint | CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability | Necessary |
| Microsoft Defender for Id | CVE-2025-26685 | Microsoft Defender for Id Spoofing Vulnerability | Necessary |
| Microsoft Edge (Chromium-based) | CVE-2025-4050 | Chromium: CVE-2025-4050 Out of bounds reminiscence entry in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4096 | Chromium: CVE-2025-4096 Heap buffer overflow in HTML | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-29825 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2025-4052 | Chromium: CVE-2025-4052 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4051 | Chromium: CVE-2025-4051 Inadequate knowledge validation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4372 | Chromium: CVE-2025-4372 Use after free in WebAudio | Unknown |
| Microsoft Workplace | CVE-2025-30377 | Microsoft Workplace Distant Code Execution Vulnerability | Important |
| Microsoft Workplace | CVE-2025-30386 | Microsoft Workplace Distant Code Execution Vulnerability | Important |
| Microsoft Workplace Excel | CVE-2025-29977 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30383 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-29979 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30376 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30393 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-32704 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30375 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30379 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Excel | CVE-2025-30381 | Microsoft Excel Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace Outlook | CVE-2025-32705 | Microsoft Outlook Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace PowerPoint | CVE-2025-29978 | Microsoft PowerPoint Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace SharePoint | CVE-2025-30378 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace SharePoint | CVE-2025-30382 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace SharePoint | CVE-2025-30384 | Microsoft SharePoint Server Distant Code Execution Vulnerability | Necessary |
| Microsoft Workplace SharePoint | CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Necessary |
| Microsoft PC Supervisor | CVE-2025-29975 | Microsoft PC Supervisor Elevation of Privilege Vulnerability | Necessary |
| Microsoft Energy Apps | CVE-2025-47733 | Microsoft Energy Apps Info Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2025-30397 | Scripting Engine Reminiscence Corruption Vulnerability | Necessary |
| Distant Desktop Gateway Service | CVE-2025-26677 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Necessary |
| Distant Desktop Gateway Service | CVE-2025-29967 | Distant Desktop Shopper Distant Code Execution Vulnerability | Important |
| Distant Desktop Gateway Service | CVE-2025-29831 | Home windows Distant Desktop Companies Distant Code Execution Vulnerability | Necessary |
| Distant Desktop Gateway Service | CVE-2025-30394 | Home windows Distant Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Necessary |
| Function: Home windows Hyper-V | CVE-2025-29955 | Home windows Hyper-V Denial of Service Vulnerability | Necessary |
| Common Print Administration Service | CVE-2025-29841 | Common Print Administration Service Elevation of Privilege Vulnerability | Necessary |
| UrlMon | CVE-2025-29842 | UrlMon Safety Function Bypass Vulnerability | Necessary |
| Visible Studio | CVE-2025-32703 | Visible Studio Info Disclosure Vulnerability | Necessary |
| Visible Studio | CVE-2025-32702 | Visible Studio Distant Code Execution Vulnerability | Necessary |
| Visible Studio Code | CVE-2025-21264 | Visible Studio Code Safety Function Bypass Vulnerability | Necessary |
| Internet Risk Protection (WTD.sys) | CVE-2025-29971 | Internet Risk Protection (WTD.sys) Denial of Service Vulnerability | Necessary |
| Home windows Ancillary Perform Driver for WinSock | CVE-2025-32709 | Home windows Ancillary Perform Driver for WinSock Elevation of Privilege Vulnerability | Necessary |
| Home windows Frequent Log File System Driver | CVE-2025-32701 | Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows Frequent Log File System Driver | CVE-2025-30385 | Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows Frequent Log File System Driver | CVE-2025-32706 | Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows Deployment Companies | CVE-2025-29957 | Home windows Deployment Companies Denial of Service Vulnerability | Necessary |
| Home windows Drivers | CVE-2025-29838 | Home windows ExecutionContext Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows DWM | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Necessary |
| Home windows File Server | CVE-2025-29839 | Home windows A number of UNC Supplier Driver Info Disclosure Vulnerability | Necessary |
| Home windows Fundamentals | CVE-2025-29969 | MS-EVEN RPC Distant Code Execution Vulnerability | Necessary |
| Home windows {Hardware} Lab Equipment | CVE-2025-27488 | Microsoft Home windows {Hardware} Lab Equipment (HLK) Elevation of Privilege Vulnerability | Necessary |
| Home windows Installer | CVE-2025-29837 | Home windows Installer Info Disclosure Vulnerability | Necessary |
| Home windows Kernel | CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows Kernel | CVE-2025-29974 | Home windows Kernel Info Disclosure Vulnerability | Necessary |
| Home windows LDAP – Light-weight Listing Entry Protocol | CVE-2025-29954 | Home windows Light-weight Listing Entry Protocol (LDAP) Denial of Service Vulnerability | Necessary |
| Home windows Media | CVE-2025-29962 | Home windows Media Distant Code Execution Vulnerability | Necessary |
| Home windows Media | CVE-2025-29963 | Home windows Media Distant Code Execution Vulnerability | Necessary |
| Home windows Media | CVE-2025-29964 | Home windows Media Distant Code Execution Vulnerability | Necessary |
| Home windows Media | CVE-2025-29840 | Home windows Media Distant Code Execution Vulnerability | Necessary |
| Home windows NTFS | CVE-2025-32707 | NTFS Elevation of Privilege Vulnerability | Necessary |
| Home windows Distant Desktop | CVE-2025-29966 | Distant Desktop Shopper Distant Code Execution Vulnerability | Important |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29836 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29959 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29835 | Home windows Distant Entry Connection Supervisor Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29960 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29832 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29830 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29961 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Routing and Distant Entry Service (RRAS) | CVE-2025-29958 | Home windows Routing and Distant Entry Service (RRAS) Info Disclosure Vulnerability | Necessary |
| Home windows Safe Kernel Mode | CVE-2025-27468 | Home windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Necessary |
| Home windows SMB | CVE-2025-29956 | Home windows SMB Info Disclosure Vulnerability | Necessary |
| Home windows Trusted Runtime Interface Driver | CVE-2025-29829 | Home windows Trusted Runtime Interface Driver Info Disclosure Vulnerability | Necessary |
| Home windows Digital Machine Bus | CVE-2025-29833 | Microsoft Digital Machine Bus (VMBus) Distant Code Execution Vulnerability | Important |
| Home windows Win32K – GRFX | CVE-2025-30388 | Home windows Graphics Element Distant Code Execution Vulnerability | Necessary |
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and easy methods to defend in opposition to them.
