Today is Microsoft’s May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.
This Patch Tuesday also fixes six “Critical” vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug.
The number of bugs in each vulnerability category is listed below:
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 15 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This count does not include Azure, Dataverse, Mariner, and Microsoft Edge flaws that were fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5058411 and KB5058405 cumulative updates and the Windows 10 KB5058379 update.
Five actively exploited zero-days
This month’s Patch Tuesday fixes one actively exploited zero-day. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerability in today’s updates is:
CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
“Use after free in Windows DWM allows an authorized attacker to elevate privileges locally,” reads the advisory.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
CVE-2025-32701 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
“Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally,” reads the advisory.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
CVE-2025-32706 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
“Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally,” explains the advisory.
Microsoft attributes the discovery of this flaw to Benoit Sevens of Google Threat Intelligence Group and the CrowdStrike Advanced Research Team.
CVE-2025-32709 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.
“Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally,” explains Microsoft’s advisory.
This flaw was disclosed by an “Anonymous” researcher.
CVE-2025-30397 – Scripting Engine Memory Corruption Vulnerability
Microsoft fixed a remote code execution vulnerability that can be exploited through Microsoft Edge or Internet Explorer.
“Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network,” explains Microsoft.
Microsoft says that threat actors need to trick an authenticated user into clicking on a specially crafted link in Edge or Internet Explorer, allowing an unauthenticated attacker to gain remote code execution.
Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.
Microsoft has not shared any details on how these flaws were exploited in attacks.
The publicly disclosed zero-days are:
CVE-2025-26685 – Microsoft Defender for Identity Spoofing Vulnerability
Microsoft fixes a flaw in Microsoft Defender that allows an unauthenticated attacker to spoof another account.
“Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network,” explains Microsoft.
The flaw can be exploited by an unauthenticated attacker with LAN access.
Microsoft attributes the discovery of this flaw to Joshua Murrell with NetSPI.
CVE-2025-32702 – Visual Studio Remote Code Execution Vulnerability
Microsoft fixed a Visual Studio remote code execution flaw that can be exploited by an unauthenticated attacker.
“Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an unauthorized attacker to execute code locally,” explains Microsoft.
Microsoft has not shared who disclosed this flaw.
Recent updates from other companies
Other vendors who released updates or advisories in May 2025 include:
The May 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the May 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET, Visual Studio, and Build Tools for Visual Studio | CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | Important |
Active Directory Certificate Services (AD CS) | CVE-2025-29968 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | Important |
Azure | CVE-2025-33072 | Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability | Critical |
Azure | CVE-2025-30387 | Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability | Important |
Azure Automation | CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability | Critical |
Azure DevOps | CVE-2025-29813 | Azure DevOps Server Elevation of Privilege Vulnerability | Critical |
Azure File Sync | CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
Azure Storage Resource Provider | CVE-2025-29972 | Azure Storage Resource Provider Spoofing Vulnerability | Critical |
Microsoft Brokering File System | CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
Microsoft Dataverse | CVE-2025-47732 | Microsoft Dataverse Remote Code Execution Vulnerability | Critical |
Microsoft Dataverse | CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability | Important |
Microsoft Defender for Endpoint | CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
Microsoft Defender for Identity | CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability | Important |
Microsoft Edge (Chromium-based) | CVE-2025-4050 | Chromium: CVE-2025-4050 Out of bounds memory access in DevTools | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-4096 | Chromium: CVE-2025-4096 Heap buffer overflow in HTML | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-29825 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
Microsoft Edge (Chromium-based) | CVE-2025-4052 | Chromium: CVE-2025-4052 Inappropriate implementation in DevTools | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-4051 | Chromium: CVE-2025-4051 Insufficient data validation in DevTools | Unknown |
Microsoft Edge (Chromium-based) | CVE-2025-4372 | Chromium: CVE-2025-4372 Use after free in WebAudio | Unknown |
Microsoft Office | CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office Excel | CVE-2025-29977 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30383 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-29979 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30376 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30393 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-32704 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30375 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30379 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-30381 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2025-32705 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2025-29978 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-30378 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-30382 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-30384 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
Microsoft PC Manager | CVE-2025-29975 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
Microsoft Power Apps | CVE-2025-47733 | Microsoft Power Apps Information Disclosure Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | Important |
Remote Desktop Gateway Service | CVE-2025-26677 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Remote Desktop Gateway Service | CVE-2025-29967 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Remote Desktop Gateway Service | CVE-2025-29831 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important |
Remote Desktop Gateway Service | CVE-2025-30394 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
Role: Windows Hyper-V | CVE-2025-29955 | Windows Hyper-V Denial of Service Vulnerability | Important |
Universal Print Management Service | CVE-2025-29841 | Universal Print Management Service Elevation of Privilege Vulnerability | Important |
UrlMon | CVE-2025-29842 | UrlMon Security Feature Bypass Vulnerability | Important |
Visual Studio | CVE-2025-32703 | Visual Studio Information Disclosure Vulnerability | Important |
Visual Studio | CVE-2025-32702 | Visual Studio Remote Code Execution Vulnerability | Important |
Visual Studio Code | CVE-2025-21264 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
Web Threat Defense (WTD.sys) | CVE-2025-29971 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability | Important |
Windows Ancillary Function Driver for WinSock | CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-32701 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-30385 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Deployment Services | CVE-2025-29957 | Windows Deployment Services Denial of Service Vulnerability | Important |
Windows Drivers | CVE-2025-29838 | Windows ExecutionContext Driver Elevation of Privilege Vulnerability | Important |
Windows DWM | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
Windows File Server | CVE-2025-29839 | Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | Important |
Windows Fundamentals | CVE-2025-29969 | MS-EVEN RPC Remote Code Execution Vulnerability | Important |
Windows Hardware Lab Kit | CVE-2025-27488 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2025-29837 | Windows Installer Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2025-29974 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-29954 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
Windows Media | CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability | Important |
Windows Media | CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability | Important |
Windows Media | CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability | Important |
Windows Media | CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability | Important |
Windows NTFS | CVE-2025-32707 | NTFS Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop | CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29836 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29959 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29835 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29960 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29832 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29830 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29961 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-29958 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
Windows Secure Kernel Mode | CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
Windows SMB | CVE-2025-29956 | Windows SMB Information Disclosure Vulnerability | Important |
Windows Trusted Runtime Interface Driver | CVE-2025-29829 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | Important |
Windows Virtual Machine Bus | CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Critical |
Windows Win32K – GRFX | CVE-2025-30388 | Windows Graphics Component Remote Code Execution Vulnerability | Important |