Microsoft on Tuesday shipped fixes to handle a complete of 78 safety flaws throughout its software program lineup, together with a set of 5 zero-days which have come below energetic exploitation within the wild.
Of the 78 flaws resolved by the tech large, 11 are rated Essential, 66 are rated Vital, and one is rated Low in severity. Twenty-eight of those vulnerabilities result in distant code execution, 21 of them are privilege escalation bugs, and 16 others are categorised as data disclosure flaws.
The updates are along with eight extra safety defects patched by the corporate in its Chromium-based Edge browser for the reason that launch of final month’s Patch Tuesday replace.
The 5 vulnerabilities which have come below energetic exploitation within the wild are listed beneath –
- CVE-2025-30397 (CVSS rating: 7.5) – Scripting Engine Reminiscence Corruption Vulnerability
- CVE-2025-30400 (CVSS rating: 7.8) – Microsoft Desktop Window Supervisor (DWM) Core Library Elevation of Privilege Vulnerability
- CVE-2025-32701 (CVSS rating: 7.8) – Home windows Widespread Log File System (CLFS) Driver Elevation of Privilege Vulnerability
- CVE-2025-32706 (CVSS rating: 7.8) – Home windows Widespread Log File System Driver Elevation of Privilege Vulnerability
- CVE-2025-32709 (CVSS rating: 7.8) – Home windows Ancillary Operate Driver for WinSock Elevation of Privilege Vulnerability
Whereas the primary three flaws have been credited to Microsoft’s personal menace intelligence staff, Benoit Sevens of Google Risk Intelligence Group and the CrowdStrike Superior Analysis Workforce have been acknowledged for the invention of CVE-2025-32706. An nameless researcher has been credited with reporting CVE-2025-32709.
“One other zero-day vulnerability has been recognized within the Microsoft Scripting Engine, a key element utilized by Web Explorer and Web Explorer mode in Microsoft Edge,” Alex Vovk, CEO and co-founder of Action1, stated about CVE-2025-30397.
“Attackers can exploit the flaw through a malicious internet web page or script that causes the scripting engine to misread object sorts, leading to reminiscence corruption and arbitrary code execution within the context of the present person. If the person has administrative privileges, attackers may acquire full system management – enabling information theft, malware set up, and lateral motion throughout networks.”
CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized within the wild since 2023. In Might 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky stated was utilized in assaults distributing QakBot (aka Qwaking Mantis) malware.
“Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM,” Satnam Narang, senior workers analysis engineer at Tenable, stated in a press release shared with The Hacker Information.
“In reality, the April 2025 launch included fixes for 5 DWM Core Library elevation of privilege vulnerabilities. Previous to CVE-2025-30400, solely two DWM elevation of privilege bugs had been exploited as zero days – CVE-2024-30051 in 2024 and CVE-2023-36033 in 2023.”
CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation flaws to be found within the CLFS element and have been exploited in real-world assaults since 2022. Final month, Microsoft revealed that CVE-2025-29824 was exploited in restricted assaults to focus on firms within the U.S., Venezuela, Spain, and Saudi Arabia.
CVE-2025-29824 can be stated to have been exploited as a zero-day by menace actors linked to the Play ransomware household as a part of an assault focusing on an unnamed group within the U.S., Broadcom-owned Symantec revealed earlier this month.
CVE-2025-32709, likewise, is the third privilege escalation flaw within the Ancillary Operate Driver for WinSock element to have come below abuse inside a span of a yr, after CVE-2024-38193 and CVE-2025-21418. It is price noting that the exploitation of CVE-2024-38193 has been attributed to the North Korea-linked Lazarus Group.
The event has prompted the U.S. Cybersecurity and Infrastructure Safety Company (CISA) so as to add all 5 vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, requiring federal businesses to use the fixes by June 3, 2025.
Microsoft’s Patch Tuesday replace additionally addresses a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684, CVSS rating: 6.7) that would allow a licensed attacker to raise privileges regionally.
Stratascale researcher Wealthy Mirch, who is likely one of the two researchers, acknowledged for reporting the vulnerability, stated the problem is rooted in a Python helper script that features a perform (“grab_java_version()”) to find out the Java Runtime Setting (JRE) model.
“The perform determines the placement of the Java binary on disk by checking the /proc/
One other notable flaw is a spoofing vulnerability affecting Microsoft Defender for Identification (CVE-2025-26685, CVSS rating: 6.5) that permits an attacker with LAN entry to carry out spoofing over an adjoining community.
“The lateral motion path detection function can itself probably be exploited by an adversary to acquire an NTLM hash,” Adam Barnett, lead software program engineer at Rapid7, stated in a press release. “The compromised credentials on this case could be these of the Listing Providers account, and exploitation depends on attaining fallback from Kerberos to NTLM.”
The vulnerability with the maximum-severity is CVE-2025-29813 (CVSS rating: 10.0), a privilege escalation flaw in Azure DevOps Server that permits an unauthorized attacker to raise privileges over a community. Microsoft stated the shortcoming has been already deployed within the cloud and there’s no motion required on the a part of prospects.
Software program Patches from Different Distributors
Along with Microsoft, safety updates have additionally been launched by different distributors over the previous few weeks to rectify a number of vulnerabilities, together with —
