Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day

Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws.

The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to apply patches immediately to mitigate potential risks.

Out of 72 vulnerabilities, Microsoft fixes 29 Remote Code Execution, 18 Elevation of Privilege, 14 Information Disclosure, 7 Denial of Service, 2 Spoofing, and 2 Security Feature Bypass.

Critical Zero-Day Vulnerabilities Under Active Exploitation

Five vulnerabilities patched this month were confirmed to be actively exploited in the wild, posing immediate threats to organizations and individuals. These zero-days include:

1. CVE-2025-30397 (Microsoft Scripting Engine) – With a CVSS score of 7.5, this flaw allows attackers to execute malicious code via specially crafted web content. Exploitation has been detected, and Microsoft strongly recommends immediate patching.
2. CVE-2025-30400 (Windows DWM) – Scoring 7.8, this vulnerability in the Windows Desktop Window Manager could allow attackers to gain elevated privileges, with confirmed exploitation in the wild.
3. CVE-2025-32701 (Windows Common Log File System Driver) – Also rated 7.8, this flaw enables privilege escalation and has been actively exploited, posing risks to system integrity.
4. CVE-2025-32706 (Windows Common Log File System Driver) – Another privilege escalation vulnerability with a 7.8 CVSS score, actively exploited and requiring urgent attention.
5. CVE-2025-32709 (Windows Ancillary Function Driver for WinSock) – Rated 7.8, this flaw allows attackers to escalate privileges and has been confirmed as exploited.

Office and Windows Vulnerabilities

Microsoft Office products, particularly Excel and SharePoint, were heavily impacted, with multiple vulnerabilities rated 7.8 or higher. For example:

• CVE-2025-29976 (Microsoft Office SharePoint) – A 7.8-rated flaw that could allow attackers to escalate privileges locally.
• CVE-2025-30393 (Microsoft Office Excel) – One of several Excel vulnerabilities, rated 7.8, that could lead to remote code execution via malicious files.

Windows components also saw significant patches, with vulnerabilities in the Windows Kernel, Remote Desktop Gateway Service, and Routing and Remote Access Service (RRAS). Notably, CVE-2025-24063 (Windows Kernel), rated 7.8, is considered “Exploitation More Likely,” highlighting the need for prompt updates.

Microsoft Patch Tuesday May 2025 Vulnerability List

CVE Number	CVE Title	Impact	Max Severity
CVE-2025-29966	Remote Desktop Client Remote Code Execution Vulnerability	Remote Code Execution	Critical
CVE-2025-29967	Remote Desktop Client Remote Code Execution Vulnerability	Remote Code Execution	Critical
CVE-2025-30377	Microsoft Office Remote Code Execution Vulnerability	Remote Code Execution	Critical
CVE-2025-30386	Microsoft Office Remote Code Execution Vulnerability	Remote Code Execution	Critical
CVE-2025-29833	Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability	Remote Code Execution	Critical
CVE-2025-26629	Microsoft Office Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-26646	.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability	Spoofing	Important
CVE-2025-26684	Microsoft Defender Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29959	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29960	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29964	Windows Media Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29968	Active Directory Certificate Services (AD CS) Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-29969	MS-EVEN RPC Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29970	Microsoft Brokering File System Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29973	Microsoft Azure File Sync Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29971	Web Threat Defense (WTD.sys) Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-29975	Microsoft PC Manager Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29976	Microsoft SharePoint Server Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29977	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29978	Microsoft PowerPoint Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29979	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30375	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30376	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30378	Microsoft SharePoint Server Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30379	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30381	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30382	Microsoft SharePoint Server Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30383	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30384	Microsoft SharePoint Server Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30387	Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-27468	Windows Kernel-Mode Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-30393	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29826	Microsoft Dataverse Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-30394	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-30400	Microsoft DWM Core Library Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-32701	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-32703	Visual Studio Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-32706	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-21264	Visual Studio Code Security Feature Bypass Vulnerability	Security Feature Bypass	Important
CVE-2025-32709	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-26677	Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-27488	Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-26685	Microsoft Defender for Identity Spoofing Vulnerability	Spoofing	Important
CVE-2025-29829	Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29830	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29831	Windows Remote Desktop Services Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29832	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29835	Windows Remote Access Connection Manager Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29836	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29837	Windows Installer Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29838	Windows ExecutionContext Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29839	Windows Multiple UNC Provider Driver Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29840	Windows Media Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29841	Universal Print Management Service Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-29842	UrlMon Security Feature Bypass Vulnerability	Security Feature Bypass	Important
CVE-2025-29954	Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-29955	Windows Hyper-V Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-29956	Windows SMB Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29957	Windows Deployment Services Denial of Service Vulnerability	Denial of Service	Important
CVE-2025-29958	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29961	Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-29962	Windows Media Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29963	Windows Media Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-29974	Windows Kernel Information Disclosure Vulnerability	Information Disclosure	Important
CVE-2025-30385	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-30388	Windows Graphics Component Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-30397	Scripting Engine Memory Corruption Vulnerability	Remote Code Execution	Important
CVE-2025-32702	Visual Studio Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-32704	Microsoft Excel Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-32705	Microsoft Outlook Remote Code Execution Vulnerability	Remote Code Execution	Important
CVE-2025-32707	NTFS Elevation of Privilege Vulnerability	Elevation of Privilege	Important
CVE-2025-24063	Kernel Streaming Service Driver Elevation of Privilege Vulnerability	Elevation of Privilege	Important

Microsoft strongly recommends that users and IT administrators apply these updates immediately through Windows Update or enterprise management tools. Given the presence of an actively exploited zero-day, delaying could leave systems vulnerable to ongoing attacks.

As cyber threats grow in sophistication, the May 2025 Patch Tuesday update reinforces the necessity of proactive security measures. Patch your systems promptly to safeguard against these vulnerabilities and maintain a strong defense against potential exploits.

Other Notable Security Updates

• Fortinet released security updates for various products, including an actively exploited zero-day vulnerability.
• SAP releases security updates for multiple products, including a critical 0-day RCE flaw.
• Apple released security updates for iOS, iPadOS, and macOS.
• Ivanti released patches for ITSM, Cloud Security & Neurons
• Zoom Workplace Apps Vulnerabilities Patched, including Privilege Escalation Flaws
• VMware Aria XSS Vulnerability & VMware Tools Vulnerability patched

The post Microsoft Patch Tuesday May 2025: 72 Vulnerabilities Fixed, Including 5 Actively Exploited Zero-Day appeared first on Cyber Security News.