Microsoft on Tuesday shipped fixes to deal with a complete of 78 security flaws throughout its software program lineup, together with a set of 5 zero-days which have come underneath energetic exploitation within the wild.
Of the 78 flaws resolved by the tech large, 11 are rated Crucial, 66 are rated Vital, and one is rated Low in severity. Twenty-eight of those vulnerabilities result in distant code execution, 21 of them are privilege escalation bugs, and 16 others are categorised as data disclosure flaws.
The updates are along with eight extra security defects patched by the corporate in its Chromium-based Edge browser for the reason that launch of final month’s Patch Tuesday replace.
The 5 vulnerabilities which have come underneath energetic exploitation within the wild are listed beneath –
- CVE-2025-30397 (CVSS rating: 7.5) – Scripting Engine Reminiscence Corruption Vulnerability
- CVE-2025-30400 (CVSS rating: 7.8) – Microsoft Desktop Window Supervisor (DWM) Core Library Elevation of Privilege Vulnerability
- CVE-2025-32701 (CVSS rating: 7.8) – Home windows Frequent Log File System (CLFS) Driver Elevation of Privilege Vulnerability
- CVE-2025-32706 (CVSS rating: 7.8) – Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability
- CVE-2025-32709 (CVSS rating: 7.8) – Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability
Whereas the primary three flaws have been credited to Microsoft’s personal menace intelligence workforce, Benoit Sevens of Google Risk Intelligence Group and the CrowdStrike Superior Analysis Crew have been acknowledged for the invention of CVE-2025-32706. An nameless researcher has been credited with reporting CVE-2025-32709.
“One other zero-day vulnerability has been recognized within the Microsoft Scripting Engine, a key part utilized by Web Explorer and Web Explorer mode in Microsoft Edge,” Alex Vovk, CEO and co-founder of Action1, stated about CVE-2025-30397.
“Attackers can exploit the flaw through a malicious internet web page or script that causes the scripting engine to misread object varieties, leading to reminiscence corruption and arbitrary code execution within the context of the present consumer. If the consumer has administrative privileges, attackers may achieve full system management – enabling information theft, malware set up, and lateral motion throughout networks.”
CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized within the wild since 2023. In Might 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky stated was utilized in assaults distributing QakBot (aka Qwaking Mantis) malware.
“Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM,” Satnam Narang, senior employees analysis engineer at Tenable, stated in an announcement shared with The Hacker Information.
“In truth, the April 2025 launch included fixes for 5 DWM Core Library elevation of privilege vulnerabilities. Previous to CVE-2025-30400, solely two DWM elevation of privilege bugs have been exploited as zero days – CVE-2024-30051 in 2024 and CVE-2023-36033 in 2023.”
CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation flaws to be found within the CLFS part and have been exploited in real-world assaults since 2022. Final month, Microsoft revealed that CVE-2025-29824 was exploited in restricted assaults to focus on firms within the U.S., Venezuela, Spain, and Saudi Arabia.
CVE-2025-29824 can also be stated to have been exploited as a zero-day by menace actors linked to the Play ransomware household as a part of an assault concentrating on an unnamed group within the U.S., Broadcom-owned Symantec revealed earlier this month.
CVE-2025-32709, likewise, is the third privilege escalation flaw within the Ancillary Operate Driver for WinSock part to have come underneath abuse inside a span of a yr, after CVE-2024-38193 and CVE-2025-21418. It is price noting that the exploitation of CVE-2024-38193 has been attributed to the North Korea-linked Lazarus Group.
The event has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) so as to add all 5 vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring federal businesses to use the fixes by June 3, 2025.
Microsoft’s Patch Tuesday replace additionally addresses a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684, CVSS rating: 6.7) that would allow a licensed attacker to raise privileges regionally.
Stratascale researcher Wealthy Mirch, who is without doubt one of the two researchers, acknowledged for reporting the vulnerability, stated the problem is rooted in a Python helper script that features a operate (“grab_java_version()”) to find out the Java Runtime Surroundings (JRE) model.
“The operate determines the situation of the Java binary on disk by checking the /proc/<PID>/exe symbolic hyperlink after which executes the java -version command,” Mirch defined. “The issue is the Java binary might be working from an untrusted location. A malicious native unprivileged consumer can create a course of with the title java or javaw, which is able to finally be executed with root privileges to find out the model of the JRE.”
One other notable flaw is a spoofing vulnerability affecting Microsoft Defender for Id (CVE-2025-26685, CVSS rating: 6.5) that permits an attacker with LAN entry to carry out spoofing over an adjoining community.
“The lateral motion path detection characteristic can itself probably be exploited by an adversary to acquire an NTLM hash,” Adam Barnett, lead software program engineer at Rapid7, stated in an announcement. “The compromised credentials on this case could be these of the Listing Companies account, and exploitation depends on reaching fallback from Kerberos to NTLM.”
The vulnerability with the maximum-severity is CVE-2025-29813 (CVSS rating: 10.0), a privilege escalation flaw in Azure DevOps Server that permits an unauthorized attacker to raise privileges over a community. Microsoft stated the shortcoming has been already deployed within the cloud and there’s no motion required on the a part of clients.
Software program Patches from Different Distributors
Along with Microsoft, security updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —
