Microsoftβs May 2025 Patch Tuesday addresses security updates for 72 vulnerabilities, including five actively exploited zero-days and two publicly disclosed flaws. The updates fix critical flaws across various Windows components, affecting systems and services globally, with a focus on elevation of privilege, remote code execution, and information disclosure vulnerabilities.
Affected: Microsoft Windows, Microsoft Defender, Microsoft Edge, Microsoft Office, Azure, Visual Studio, Remote Desktop, and other Microsoft services.
Affected: Microsoft Windows, Microsoft Defender, Microsoft Edge, Microsoft Office, Azure, Visual Studio, Remote Desktop, and other Microsoft services.
Keypoints
- This Patch Tuesday includes fixes for 72 vulnerabilities, with five actively exploited zero-days addressed.
- Five vulnerabilities are classified as βCritical,β mainly involving remote code execution and privilege escalation.
- The actively exploited zero-days include flaws in Microsoft DWM Core Library, Windows Log File System Driver, and WinSock Driver, allowing privilege escalation.
- Two publicly disclosed zero-days affect Microsoft Defender for Identity and Visual Studio, enabling spoofing and remote code execution.
- Other vulnerabilities involve various Microsoft products like Edge, Office, Azure, and Remote Desktop Services, impacting user security worldwide.
- Several vulnerabilities require user interaction or specific conditions, but some allow remote, unauthenticated exploitation.
- Additionally, updates were released by other vendors such as Apple, Cisco, Fortinet, Google, Intel, SAP, and SonicWall to fix respective critical security flaws.