Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day
Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to apply patches immediately to mitigate […] The post Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day appeared first on Cyber Security News.
Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws.
The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to apply patches immediately to mitigate potential risks.
Out of 72 vulnerabilities, Microsoft fixes 29 Remote Code Execution, 18 Elevation of Privilege, 14 Information Disclosure, 7 Denial of Service, 2 Spoofing, and 2 Security Feature Bypass.
Critical Zero-Day Vulnerabilities Under Active Exploitation
Five vulnerabilities patched this month were confirmed to be actively exploited in the wild, posing immediate threats to organizations and individuals. These zero-days include:
- CVE-2025-30397 (Microsoft Scripting Engine) – With a CVSS score of 7.5, this flaw allows attackers to execute malicious code via specially crafted web content. Exploitation has been detected, and Microsoft strongly recommends immediate patching.
- CVE-2025-30400 (Windows DWM) – Scoring 7.8, this vulnerability in the Windows Desktop Window Manager could allow attackers to gain elevated privileges, with confirmed exploitation in the wild.
- CVE-2025-32701 (Windows Common Log File System Driver) – Also rated 7.8, this flaw enables privilege escalation and has been actively exploited, posing risks to system integrity.
- CVE-2025-32706 (Windows Common Log File System Driver) – Another privilege escalation vulnerability with a 7.8 CVSS score, actively exploited and requiring urgent attention.
- CVE-2025-32709 (Windows Ancillary Function Driver for WinSock) – Rated 7.8, this flaw allows attackers to escalate privileges and has been confirmed as exploited.
Office and Windows Vulnerabilities
Microsoft Office products, particularly Excel and SharePoint, were heavily impacted, with multiple vulnerabilities rated 7.8 or higher. For example:
- CVE-2025-29976 (Microsoft Office SharePoint) – A 7.8-rated flaw that could allow attackers to escalate privileges locally.
- CVE-2025-30393 (Microsoft Office Excel) – One of several Excel vulnerabilities, rated 7.8, that could lead to remote code execution via malicious files.
Windows components also saw significant patches, with vulnerabilities in the Windows Kernel, Remote Desktop Gateway Service, and Routing and Remote Access Service (RRAS). Notably, CVE-2025-24063 (Windows Kernel), rated 7.8, is considered “Exploitation More Likely,” highlighting the need for prompt updates.
Microsoft Patch Tuesday May 2025 Vulnerability List
| CVE Number | CVE Title | Impact | Max Severity |
|---|---|---|---|
| CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-29967 | Remote Desktop Client Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Remote Code Execution | Critical |
| CVE-2025-26629 | Microsoft Office Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29959 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29960 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29968 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-29969 | MS-EVEN RPC Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29971 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-29975 | Microsoft PC Manager Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29977 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29978 | Microsoft PowerPoint Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29979 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30375 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30376 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30378 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30379 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30381 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30382 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30383 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30384 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30387 | Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-30393 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-30394 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-32701 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-32703 | Visual Studio Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-21264 | Visual Studio Code Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-26677 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-27488 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability | Spoofing | Important |
| CVE-2025-29829 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29830 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29831 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29832 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29835 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29836 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29837 | Windows Installer Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29838 | Windows ExecutionContext Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29839 | Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29841 | Universal Print Management Service Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-29842 | UrlMon Security Feature Bypass Vulnerability | Security Feature Bypass | Important |
| CVE-2025-29954 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-29955 | Windows Hyper-V Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-29956 | Windows SMB Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29957 | Windows Deployment Services Denial of Service Vulnerability | Denial of Service | Important |
| CVE-2025-29958 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29961 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-29974 | Windows Kernel Information Disclosure Vulnerability | Information Disclosure | Important |
| CVE-2025-30385 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-30388 | Windows Graphics Component Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability | Remote Code Execution | Important |
| CVE-2025-32702 | Visual Studio Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-32704 | Microsoft Excel Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-32705 | Microsoft Outlook Remote Code Execution Vulnerability | Remote Code Execution | Important |
| CVE-2025-32707 | NTFS Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
| CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability | Elevation of Privilege | Important |
Microsoft strongly recommends that users and IT administrators apply these updates immediately through Windows Update or enterprise management tools. Given the presence of an actively exploited zero-day, delaying could leave systems vulnerable to ongoing attacks.
As cyber threats grow in sophistication, the May 2025 Patch Tuesday update reinforces the necessity of proactive security measures. Patch your systems promptly to safeguard against these vulnerabilities and maintain a strong defense against potential exploits.
Other Notable Security Updates
- Fortinet released security updates for various products, including an actively exploited zero-day vulnerability.
- SAP releases security updates for multiple products, including a critical 0-day RCE flaw.
- Apple released security updates for iOS, iPadOS, and macOS.
- Ivanti released patches for ITSM, Cloud Security & Neurons
- Zoom Workplace Apps Vulnerabilities Patched, including Privilege Escalation Flaws
- VMware Aria XSS Vulnerability & VMware Tools Vulnerability patched
The post Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day appeared first on Cyber Security News.
