{"id":1190,"date":"2025-05-14T01:54:05","date_gmt":"2025-05-14T01:54:05","guid":{"rendered":"https:\/\/www.batteryone.co\/blog\/?p=1190"},"modified":"2025-05-14T01:54:05","modified_gmt":"2025-05-14T01:54:05","slug":"microsoft-may-2025-patch-tuesday-72-vulnerabilities-fixed-including-5-zero-days","status":"publish","type":"post","link":"https:\/\/www.batteryone.co\/blog\/archives\/1190","title":{"rendered":"Microsoft May 2025 Patch Tuesday: 72 Vulnerabilities Fixed, Including 5 Zero-Days"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-1024x576.png\" alt=\"\" class=\"wp-image-1191\" srcset=\"https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-1024x576.png 1024w, https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-300x169.png 300w, https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-768x432.png 768w, https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-1536x864.png 1536w, https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1-400x225.png 400w, https:\/\/www.batteryone.co\/blog\/wp-content\/uploads\/2025\/05\/\u56fe\u72471-1.png 1600w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Microsoft has released its&nbsp;<strong>May 2025 Patch Tuesday<\/strong>&nbsp;update, addressing&nbsp;<strong>72 security vulnerabilities<\/strong>, including&nbsp;<strong>5 actively exploited zero-days<\/strong>&nbsp;and&nbsp;<strong>2 publicly disclosed<\/strong>&nbsp;flaws. The updates cover the following categories:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2 Security Feature Bypass Vulnerabilities<\/strong><\/li>\n\n\n\n<li><strong>28 Remote Code Execution Vulnerabilities<\/strong><\/li>\n\n\n\n<li><strong>15 Information Disclosure Vulnerabilities<\/strong><\/li>\n\n\n\n<li><strong>7 Denial of Service Vulnerabilities<\/strong><\/li>\n\n\n\n<li><strong>2 Spoofing Vulnerabilities<\/strong><\/li>\n<\/ul>\n\n\n\n<p>&gt;&gt;&gt;<a href=\"https:\/\/www.batteryone.co\/detail\/1747557\/BLN001\">New 6875 mAh\/54.08Wh BLN001 Replacement Battery for OPPO Realme Book 14 Inch Air<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Actively Exploited Zero-Days<\/h2>\n\n\n\n<p><strong>CVE-2025-30400 &#8211; Microsoft DWM Core Library Elevation of Privilege<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use-after-free vulnerability in\u00a0<strong>Windows DWM<\/strong><\/li>\n\n\n\n<li>Allows local privilege escalation to SYSTEM<\/li>\n\n\n\n<li>Discovered by the\u00a0<strong>Microsoft Threat Intelligence Center<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>CVE-2025-32701 &#8211; Windows Common Log File System Driver Elevation of Privilege<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use-after-free vulnerability in\u00a0<strong>Windows CLFS<\/strong><\/li>\n\n\n\n<li>Allows local privilege escalation to SYSTEM<\/li>\n\n\n\n<li>Discovered by the\u00a0<strong>Microsoft Threat Intelligence Center<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>CVE-2025-32706 &#8211; Windows Common Log File System Driver Elevation of Privilege<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improper input validation in\u00a0<strong>Windows CLFS<\/strong><\/li>\n\n\n\n<li>Allows local privilege escalation to SYSTEM<\/li>\n\n\n\n<li>Discovered by\u00a0<strong>Benoit Sevens<\/strong>\u00a0(Google Threat Intelligence Group) and the\u00a0<strong>CrowdStrike Advanced Research Team<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>CVE-2025-32709 &#8211; Windows Ancillary Function Driver for WinSock Elevation of Privilege<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use-after-free vulnerability in\u00a0<strong>Windows AFD for WinSock<\/strong><\/li>\n\n\n\n<li>Allows local privilege escalation to SYSTEM<\/li>\n\n\n\n<li>Disclosed by an\u00a0<strong>Anonymous<\/strong>\u00a0researcher<\/li>\n<\/ul>\n\n\n\n<p><strong>CVE-2025-30397 &#8211; scripting Engine Memory Corruption<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Type confusion in\u00a0<strong>Microsoft scripting Engine<\/strong><\/li>\n\n\n\n<li>Allows remote code execution through Edge or Internet Explorer<\/li>\n\n\n\n<li>Discovered by the\u00a0<strong>Microsoft Threat Intelligence Center<\/strong><\/li>\n<\/ul>\n\n\n\n<p>&gt;&gt;&gt;<a href=\"https:\/\/www.batteryone.co\/detail\/1747554\/C32N2002-2\">New 8380 mAh\/96Wh C32N2002-2 Replacement Battery for Asus ZenBookPro15 UX535LH<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Publicly Disclosed Zero-Days<\/h2>\n\n\n\n<p><strong>CVE-2025-26685 &#8211; Microsoft Defender for Identity Spoofing<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Improper authentication in\u00a0<strong>Microsoft Defender for Identity<\/strong><\/li>\n\n\n\n<li>Allows account spoofing over a local network<\/li>\n\n\n\n<li>Discovered by\u00a0<strong>Joshua Murrell<\/strong>\u00a0(NetSPI)<\/li>\n<\/ul>\n\n\n\n<p><strong>CVE-2025-32702 &#8211; Visual Studio Remote Code Execution<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Command injection in\u00a0<strong>Visual Studio<\/strong><\/li>\n\n\n\n<li>Allows local code execution<\/li>\n\n\n\n<li>No disclosure credits provided by Microsoft<\/li>\n<\/ul>\n\n\n\n<p>These updates do not include fixes for Azure, Dataverse, Mariner, and Microsoft Edge vulnerabilities addressed earlier this month.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released its&nbsp;May 2025 Patch Tuesday&nbsp;update, addressing&nbsp;72 security vulnerabilities, including&nbsp;5 actively exploited zero-days&nbsp;and&nbsp;2 publicly disclosed&nbsp;flaws. The updates cover the following categories: &gt;&gt;&gt;New 6875 mAh\/54.08Wh BLN001 Replacement Battery for OPPO Realme Book 14 Inch Air Actively Exploited Zero-Days CVE-2025-30400 &#8211; Microsoft DWM Core Library Elevation of Privilege CVE-2025-32701 &#8211; Windows Common Log File System Driver [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,1],"tags":[42],"class_list":["post-1190","post","type-post","status-publish","format-standard","hentry","category-laptops","category-news","tag-microsoft"],"_links":{"self":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/comments?post=1190"}],"version-history":[{"count":1,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1190\/revisions"}],"predecessor-version":[{"id":1192,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/posts\/1190\/revisions\/1192"}],"wp:attachment":[{"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/media?parent=1190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/categories?post=1190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.batteryone.co\/blog\/wp-json\/wp\/v2\/tags?post=1190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}