Microsoft has released its May 2025 Patch Tuesday updates, addressing 78 security vulnerabilities, including five actively exploited zero-day flaws. These updates cover Windows, Microsoft Office, Azure, Visual Studio, and other Microsoft products, providing essential security fixes to mitigate remote code execution (RCE), privilege escalation, and information disclosure risks.
This month’s security patches are critical for organizations and individual users, as they include fixes for vulnerabilities actively exploited by cybercriminals. The update also strengthens Windows security, cloud infrastructure, and enterprise applications, ensuring protection against malware, ransomware, and unauthorized access.
1. Key Highlights of May 2025 Patch Tuesday
Total Vulnerabilities Fixed: 78
- Critical Vulnerabilities: 11
- Zero-Day Exploits: 5
- Remote Code Execution (RCE) Flaws: 29
- Privilege Escalation Vulnerabilities: 18
- Information Disclosure Issues: 14
- Denial-of-Service (DoS) Vulnerabilities: 7
- Spoofing & Security Feature Bypass: 4
Zero-Day Vulnerabilities Under Active Exploitation
Microsoft has confirmed that five vulnerabilities patched this month were actively exploited in the wild, posing immediate threats to organizations and individuals:
1️⃣ CVE-2025-30397 – Microsoft Scripting Engine Vulnerability
- CVSS Score: 7.5 (High)
- Impact: Allows attackers to execute malicious code via specially crafted web content.
- Exploitation: Detected in phishing campaigns targeting Microsoft Edge and Internet Explorer users.
2️⃣ CVE-2025-30400 – Windows Desktop Window Manager (DWM) Privilege Escalation
- CVSS Score: 7.8 (High)
- Impact: Enables privilege escalation, allowing attackers to gain SYSTEM-level access.
- Exploitation: Confirmed in targeted attacks against enterprise environments.
3️⃣ CVE-2025-32701 – Windows Common Log File System Driver Privilege Escalation
- CVSS Score: 7.8 (High)
- Impact: Allows privilege escalation, posing risks to system integrity.
- Exploitation: Actively used in malware campaigns to gain administrative control.
4️⃣ CVE-2025-32706 – Windows Common Log File System Driver Privilege Escalation
- CVSS Score: 7.8 (High)
- Impact: Another privilege escalation vulnerability, actively exploited.
- Exploitation: Used in ransomware attacks to bypass security restrictions.
5️⃣ CVE-2025-32709 – Windows Ancillary Function Driver for WinSock Privilege Escalation
- CVSS Score: 7.8 (High)
- Impact: Allows attackers to escalate privileges, confirmed as exploited in nation-state cyberattacks.
2. Affected Microsoft Products
Windows OS Updates
- Windows 11 (24H2, 23H2) – KB5058411 & KB5058405
- Windows 10 (22H2, 21H2) – KB5058379
- Windows Server 2019, 2022
Microsoft Office Updates
- Microsoft Office 365
- Office 2019, 2021
- Excel, Word, Outlook security patches
Azure & Cloud Services
- Azure DevOps (CVE-2025-29813) – Critical (CVSS 10.0)
- Azure Automation (CVE-2025-29827) – High Severity (CVSS 9.9)
- Azure Storage Resource Provider (CVE-2025-29972)
3. Notable Security Fixes
Remote Code Execution (RCE) Vulnerabilities
- Microsoft Office (CVE-2025-30386 & CVE-2025-30377) – Exploitable via Preview Pane in Outlook, allowing attackers to execute malicious code without user interaction.
- Remote Desktop Client & Gateway Service (CVE-2025-29966 & CVE-2025-29967) – Allows arbitrary code execution on both client and server systems, posing risks to enterprise networks.
Privilege Escalation Issues
- Windows Local Security Authority (LSA) (CVE-2025-21191) – Enables unauthorized access to sensitive system functions, allowing attackers to bypass authentication mechanisms.
- Windows Kerberos (CVE-2025-26644) – Allows attackers to forge authentication tokens, leading to unauthorized access.
Denial-of-Service (DoS) Fixes
- Windows HTTP.sys (CVE-2025-27472) – Can be exploited to crash web services, disrupting online applications.
- Windows Update Stack (CVE-2025-27474) – Prevents attackers from disrupting system updates, ensuring patch integrity.
4. Recommended Actions for Users & IT Administrators
A. Apply Security Updates Immediately
✅ Install Windows Update patches via Windows Update Settings.
✅ Update Microsoft Office using Office Update Manager.
✅ Apply Azure security patches for cloud-based services.
B. Enable Multi-Factor Authentication (MFA)
🔹 Protect Microsoft accounts from unauthorized access.
🔹 Secure Azure and Office 365 environments with MFA.
C. Monitor for Exploitation Attempts
🔸 Deploy Intrusion Detection Systems (IDS) to flag suspicious activity.
🔸 Audit LDAP logs for unauthorized SYSTEM privilege escalations.
5. Conclusion
The May 2025 Patch Tuesday update is critical for securing Windows, Office, and Azure environments. With 78 vulnerabilities patched, including five actively exploited zero-day flaws, organizations must prioritize updates to prevent cyberattacks.
