Microsoftβs Patch Tuesday for May 2025 addresses critical vulnerabilities, including five actively exploited zero days and eight high-risk vulnerabilities, affecting various Microsoft systems and software. These patches help mitigate significant security threats posed by remote code execution, privilege elevation, and information disclosure.
Affected: Microsoft, Azure, Edge, Power Apps, Dataverse, SharePoint, Windows, Office
Keypoints
- Five zero-day vulnerabilities were actively exploited and added to CISAβs Known Exploited Vulnerabilities catalog.
- Microsoft patched a total of 78 vulnerabilities, including issues in Windows, Office, and Microsoft Edge.
- The zero days include vulnerabilities in Microsoft Scripting Engine, DWM Core Library, and Log File System Driver, with severity ratings from 7.5 to 7.8.
- Critical Azure vulnerabilities, such as in Azure DevOps and Storage, have been fully mitigated prior to this update.
- Eight vulnerabilities are deemed high risk with a higher likelihood of exploitation, with severity ratings up to 8.4.
- The update also includes fixes from other vendors for various security flaws in different software products.
- The report emphasizes the importance of applying these patches to mitigate potential security breaches and system compromises.
Read More: https://thecyberexpress.com/microsoft-patch-tuesday-may-2025/