Microsoft May 2025 Patch Tuesday: 72 Vulnerabilities Fixed, Including 5 Zero-Days

Microsoft has released its May 2025 Patch Tuesday update, addressing 72 security vulnerabilities, including 5 actively exploited zero-days and 2 publicly disclosed flaws. The updates cover the following categories:

  • 2 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 15 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

Actively Exploited Zero-Days

CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege

  • Use-after-free vulnerability in Windows DWM
  • Allows local privilege escalation to SYSTEM
  • Discovered by the Microsoft Threat Intelligence Center

CVE-2025-32701 – Windows Common Log File System Driver Elevation of Privilege

  • Use-after-free vulnerability in Windows CLFS
  • Allows local privilege escalation to SYSTEM
  • Discovered by the Microsoft Threat Intelligence Center

CVE-2025-32706 – Windows Common Log File System Driver Elevation of Privilege

  • Improper input validation in Windows CLFS
  • Allows local privilege escalation to SYSTEM
  • Discovered by Benoit Sevens (Google Threat Intelligence Group) and the CrowdStrike Advanced Research Team

CVE-2025-32709 – Windows Ancillary Function Driver for WinSock Elevation of Privilege

  • Use-after-free vulnerability in Windows AFD for WinSock
  • Allows local privilege escalation to SYSTEM
  • Disclosed by an anonymous researcher

CVE-2025-30397 – Scripting Engine Memory Corruption

  • Type confusion in Microsoft Scripting Engine
  • Allows remote code execution through Edge or Internet Explorer
  • Discovered by the Microsoft Threat Intelligence Center

Publicly Disclosed Zero-Days

CVE-2025-26685 – Microsoft Defender for Identity Spoofing

  • Improper authentication in Microsoft Defender for Identity
  • Allows account spoofing over a local network
  • Discovered by Joshua Murrell (NetSPI)

CVE-2025-32702 – Visual Studio Remote Code Execution

  • Command injection in Visual Studio
  • Allows local code execution
  • No disclosure credits provided by Microsoft

These updates do not include fixes for Azure, Dataverse, Mariner, and Microsoft Edge vulnerabilities addressed earlier this month.
