
Microsoft Patches 78 Security Issues, 5 Active Zero-Day Exploits

In its May 2025 security update, Microsoft has rolled out patches for 78 vulnerabilities spanning its product ecosystem. Most notably, five of these flaws are zero-days: they were already being exploited in the wild before a fix was available.

May 2025 Patch Tuesday: 78 Vulnerabilities by Severity

The bulk of this month’s fixes address high-impact threats. Out of the total:

  • 11 vulnerabilities are considered Critical
  • 66 are rated Important
  • 1 is listed as Low risk

Threat categories include:

  • Remote Code Execution (28 flaws)
  • Privilege Escalation (21 flaws)
  • Information Disclosure (16 flaws)

Zero-Day Vulnerabilities Actively Targeted

Five of the issues patched this month were already being exploited prior to disclosure. These include:

  • CVE-2025-30397: A scripting engine flaw enabling attackers to execute code by crafting malicious scripts.
  • CVE-2025-30400: An elevation bug within the Desktop Window Manager, a common target in recent years.
  • CVE-2025-32701 and CVE-2025-32706: Two vulnerabilities in the CLFS driver that allow unauthorized privilege escalation.
  • CVE-2025-32709: A flaw in the WinSock driver that can elevate user privileges if exploited locally.

Some of these vulnerabilities were identified by Microsoft’s internal team, while others were flagged by researchers at Google, CrowdStrike, and independent security experts.

Real-World Impact and Research Insights

The scripting engine issue is especially dangerous, as it allows attackers to take control of a system via a compromised web page or script. If exploited on a machine where the user has admin rights, it could enable full system compromise, including data access and malware deployment.

The Desktop Window Manager bug marks the third such flaw found in that component since 2023. It reflects a recurring attack surface that has been repeatedly abused in malware campaigns such as those linked to QakBot.

CLFS and WinSock Bugs Continue to Draw Attention

CLFS (the Common Log File System, the Windows kernel logging driver) has become an increasingly attractive target for threat actors. The two latest privilege escalation vulnerabilities continue the pattern of exploitation seen in previous campaigns across multiple regions, including the U.S. and the Middle East.

The WinSock flaw is part of a growing list of similar vulnerabilities, with some linked to high-profile threat groups such as North Korea’s Lazarus Group.

Linux Defender and Identity Services Also Affected

In addition to Windows vulnerabilities, Microsoft also fixed a local privilege escalation issue in its Linux-based Defender for Endpoint product. The issue stems from insecure handling of a Python script that identifies Java installations, potentially giving attackers unintended root access.

On a separate note, a spoofing vulnerability in Microsoft Defender for Identity was also fixed. This issue could have allowed attackers within a network to harvest NTLM hashes by exploiting fallback authentication protocols.

Highest-Rated Vulnerability Targets Azure DevOps

The most severe vulnerability this month, scoring 10.0 on the CVSS scale, affects Azure DevOps Server. Because the fix has already been deployed to the cloud service, no customer action is required, but the flaw underscores the critical nature of server-side privilege escalation risks in modern DevOps workflows.

U.S. Government Mandates Federal Patch Deadlines

Due to the exploitation of multiple zero-day bugs, the Cybersecurity and Infrastructure Security Agency (CISA) has added the five active threats to its Known Exploited Vulnerabilities catalog. U.S. federal agencies must apply patches for these flaws no later than June 3, 2025.

Recommendations for Organizations

Given the scale and severity of the update, which spans 78 vulnerabilities, IT administrators are urged to take the following actions immediately:

  • Install the May 2025 security updates across all endpoints and servers.
  • Audit privileged accounts to ensure minimal access rights.
  • Monitor systems for signs of intrusion, particularly in CLFS and DWM components.
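To turn the KEV listing above and the patching recommendation into a concrete priority check, the following added Python example (not from the article, Microsoft or CISA) cross-references this month's CVEs against a feed in the shape of CISA's KEV JSON and computes the days left to the federal deadline. The feed content is a constructed sample, and CVE-2025-00000 is a placeholder for a fix that is not in the catalog.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. The five CVE IDs and the
# June 3, 2025 federal due date are taken from the article; dateAdded, the product
# labels and CVE-2025-00000 below are placeholders, not real catalog data.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": c, "vendorProject": "Microsoft", "product": p,
     "dateAdded": "2025-05-13", "dueDate": "2025-06-03"}
    for c, p in [("CVE-2025-30397", "Scripting Engine"),
                 ("CVE-2025-30400", "Desktop Window Manager"),
                 ("CVE-2025-32701", "CLFS driver"),
                 ("CVE-2025-32706", "CLFS driver"),
                 ("CVE-2025-32709", "WinSock driver")]
]})

# CVEs from this month's update that the organisation tracks; the last one is a
# placeholder standing in for any fix that CISA has not added to the catalog.
MAY_2025_CVES = {"CVE-2025-30397", "CVE-2025-30400", "CVE-2025-32701",
                 "CVE-2025-32706", "CVE-2025-32709", "CVE-2025-00000"}


def load_kev(feed_json: str) -> dict:
    """Index a KEV feed (its 'vulnerabilities' array) by CVE ID."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritise(cves, kev: dict, today: str) -> list:
    """Return (cve, due_date, days_left) tuples, most urgent first.

    CVEs present in KEV come first, ordered by due date (a negative days_left
    means the deadline has passed); CVEs absent from KEV follow with None values.
    """
    ref = date.fromisoformat(today)
    in_kev, not_in_kev = [], []
    for cve in sorted(cves):
        entry = kev.get(cve)
        if entry is None:
            not_in_kev.append((cve, None, None))
            continue
        due = date.fromisoformat(entry["dueDate"])
        in_kev.append((cve, due.isoformat(), (due - ref).days))
    in_kev.sort(key=lambda row: (row[1], row[0]))
    return in_kev + not_in_kev


if __name__ == "__main__":
    for cve, due, left in prioritise(MAY_2025_CVES, load_kev(KEV_SAMPLE), "2025-05-20"):
        status = "not in KEV" if due is None else f"due {due} ({left:+d} days)"
        print(f"{cve}: {status}")
```

In practice the feed string would be replaced by the JSON downloaded from CISA's KEV page, and the CVE set by the identifiers reported by your patch-management tooling.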

Milena Dimitrova
