Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws

by Wikdaily

Today is Microsoft’s May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.

This Patch Tuesday also fixes six “Critical” vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug.

The number of bugs in each vulnerability category is listed below:

  • 17 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 28 Remote Code Execution Vulnerabilities
  • 15 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

This count does not include Azure, Dataverse, Mariner, and Microsoft Edge flaws that were fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5058411 and KB5058405 cumulative updates and the Windows 10 KB5058379 update.

Five actively exploited zero-days

This month’s Patch Tuesday fixes five actively exploited zero-days. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day vulnerabilities in today’s updates are:

CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.

“Use after free in Windows DWM allows an authorized attacker to elevate privileges locally,” reads the advisory.

Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.

CVE-2025-32701 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.

“Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally,” reads the advisory.

Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.

CVE-2025-32706 – Windows Common Log File System Driver Elevation of Privilege Vulnerability

Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.

“Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally,” explains the advisory.

Microsoft attributes the discovery of this flaw to Benoit Sevens of Google Threat Intelligence Group and the CrowdStrike Advanced Research Team.

CVE-2025-32709 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Microsoft fixed an exploited elevation of privileges vulnerability that gives attackers SYSTEM privileges.

“Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally,” explains Microsoft’s advisory.

This flaw was disclosed by an “Anonymous” researcher.

CVE-2025-30397 – Scripting Engine Memory Corruption Vulnerability

Microsoft fixed a remote code execution vulnerability that can be exploited through Microsoft Edge or Internet Explorer.

“Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network,” explains Microsoft.

Microsoft says that threat actors need to trick an authenticated user into clicking on a specially crafted link in Edge or Internet Explorer, allowing an unauthenticated attacker to gain remote code execution.

Microsoft attributes the discovery of this flaw to the Microsoft Threat Intelligence Center.

Microsoft has not shared any details on how these flaws were exploited in attacks.

The publicly disclosed zero-days are:

CVE-2025-26685 – Microsoft Defender for Identity Spoofing Vulnerability

Microsoft fixed a flaw in Microsoft Defender for Identity that allows an unauthenticated attacker to spoof another account.

“Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network,” explains Microsoft.

The flaw can be exploited by an unauthenticated attacker with LAN access.

Microsoft attributes the discovery of this flaw to Joshua Murrell with NetSPI.

CVE-2025-32702 – Visual Studio Remote Code Execution Vulnerability

Microsoft fixed a Visual Studio remote code execution flaw that can be exploited by an unauthenticated attacker.

“Improper neutralization of special elements used in a command (‘command injection’) in Visual Studio allows an unauthorized attacker to execute code locally,” explains Microsoft.

Microsoft has not shared who disclosed this flaw.

Recent updates from other companies

Other vendors who released updates or advisories in May 2025 include:

The May 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the May 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET, Visual Studio, and Build Tools for Visual Studio | CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | Important |
| Active Directory Certificate Services (AD CS) | CVE-2025-29968 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | Important |
| Azure | CVE-2025-33072 | Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability | Critical |
| Azure | CVE-2025-30387 | Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability | Important |
| Azure Automation | CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability | Critical |
| Azure DevOps | CVE-2025-29813 | Azure DevOps Server Elevation of Privilege Vulnerability | Critical |
| Azure File Sync | CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Important |
| Azure Storage Resource Provider | CVE-2025-29972 | Azure Storage Resource Provider Spoofing Vulnerability | Critical |
| Microsoft Brokering File System | CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Important |
| Microsoft Dataverse | CVE-2025-47732 | Microsoft Dataverse Remote Code Execution Vulnerability | Critical |
| Microsoft Dataverse | CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for Endpoint | CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Microsoft Defender for Identity | CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2025-4050 | Chromium: CVE-2025-4050 Out of bounds memory access in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4096 | Chromium: CVE-2025-4096 Heap buffer overflow in HTML | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-29825 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Low |
| Microsoft Edge (Chromium-based) | CVE-2025-4052 | Chromium: CVE-2025-4052 Inappropriate implementation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4051 | Chromium: CVE-2025-4051 Insufficient data validation in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2025-4372 | Chromium: CVE-2025-4372 Use after free in WebAudio | Unknown |
| Microsoft Office | CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Excel | CVE-2025-29977 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30383 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-29979 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30376 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30393 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-32704 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30375 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30379 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-30381 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-32705 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-29978 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-30378 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-30382 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-30384 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Important |
| Microsoft PC Manager | CVE-2025-29975 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Power Apps | CVE-2025-47733 | Microsoft Power Apps Information Disclosure Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | Important |
| Remote Desktop Gateway Service | CVE-2025-26677 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Remote Desktop Gateway Service | CVE-2025-29967 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Remote Desktop Gateway Service | CVE-2025-29831 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Important |
| Remote Desktop Gateway Service | CVE-2025-30394 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2025-29955 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Universal Print Management Service | CVE-2025-29841 | Universal Print Management Service Elevation of Privilege Vulnerability | Important |
| UrlMon | CVE-2025-29842 | UrlMon Security Feature Bypass Vulnerability | Important |
| Visual Studio | CVE-2025-32703 | Visual Studio Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2025-32702 | Visual Studio Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2025-21264 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Web Threat Defense (WTD.sys) | CVE-2025-29971 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-32701 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-30385 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Deployment Services | CVE-2025-29957 | Windows Deployment Services Denial of Service Vulnerability | Important |
| Windows Drivers | CVE-2025-29838 | Windows ExecutionContext Driver Elevation of Privilege Vulnerability | Important |
| Windows DWM | CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows File Server | CVE-2025-29839 | Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | Important |
| Windows Fundamentals | CVE-2025-29969 | MS-EVEN RPC Remote Code Execution Vulnerability | Important |
| Windows Hardware Lab Kit | CVE-2025-27488 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-29837 | Windows Installer Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-29974 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2025-29954 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Media | CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows Media | CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows Media | CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows Media | CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability | Important |
| Windows NTFS | CVE-2025-32707 | NTFS Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29836 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29959 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29835 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29960 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29832 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29830 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29961 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-29958 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2025-29956 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows Trusted Runtime Interface Driver | CVE-2025-29829 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | Important |
| Windows Virtual Machine Bus | CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2025-30388 | Windows Graphics Component Remote Code Execution Vulnerability | Important |
