Site icon Cyber Pross

Microsoft Patch Tuesday – May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day

admin

Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws.

The updates affect products including Windows, Microsoft Office, Azure, Visual Studio, and more. Users and system administrators are strongly urged to apply these patches immediately.

🧩 Vulnerability Breakdown

Out of 72 vulnerabilities, Microsoft addressed:

πŸ”₯ Actively Exploited Zero-Day Vulnerabilities

The five zero-days patched this month are:

1. CVE-2025-30397 (Microsoft Scripting Engine)

2. CVE-2025-30400 (Windows DWM)

3. CVE-2025-32701 (Windows Common Log File System Driver)

4. CVE-2025-32706 (Windows Common Log File System Driver)

5. CVE-2025-32709 (Windows Ancillary Function Driver for WinSock)

πŸ—‚οΈ Office and Windows Vulnerabilities

Multiple high-risk vulnerabilities were found in Office and Windows components:

πŸ“‹ Sample Vulnerability Table

CVE NumberComponentImpactSeverity
CVE-2025-29966Remote Desktop ClientRemote Code ExecutionCritical
CVE-2025-30377Microsoft OfficeRemote Code ExecutionCritical
CVE-2025-26684Microsoft DefenderElevation of PrivilegeImportant
CVE-2025-29959RRASInformation DisclosureImportant
CVE-2025-29968Active Directory Certificate ServicesDenial of ServiceImportant
CVE-2025-29979Microsoft ExcelRemote Code ExecutionImportant
CVE-2025-26685Defender for IdentitySpoofingImportant
CVE-2025-32703Visual StudioInformation DisclosureImportant
CVE-2025-21264VS CodeSecurity Feature BypassImportant

πŸ”½ The full list includes 78 vulnerabilities. Visit the full article for the complete table:
Microsoft Patch Tuesday – May 2025

βœ… Recommendations

Exit mobile version