Yesterday was Patch Tuesday, and Microsoft provided security updates that addressed 77 new vulnerabilities, with five security vulnerabilities in Windows already being exploited in the wild, and several others in Windows and Office being labeled as “critical.”
Microsoft offers sparse details on the vulnerabilities in the Security Update Guide, but Dustin Childs goes into more detail in Trend Micro’s ZDI blog with an eye for admins who manage corporate networks.
The next Patch Tuesday is expected to happen on June 10th, 2025.
Security vulnerabilities in Windows
A large number of the vulnerabilities, 44 this time, are spread across the various Windows versions (10, 11, and Server) for which Microsoft still offers security updates. Although Windows 7 and 8.1 are no longer mentioned in the security reports, they could still be vulnerable. If your hardware meets the system requirements, you should upgrade to Windows 11 24H2 before October to continue receiving security updates.
Zero-day Windows vulnerabilities
According to Microsoft, there are already attacks on a total of five security vulnerabilities in Windows, with the CVE-2025-30397 remote code execution (RCE) vulnerability standing out. If Edge is your default browser, all it takes is a click on a crafted link to force Edge to switch to Internet Explorer mode (a legacy feature that remains in all Windows versions because the MSHTML platform is still used by some older apps).
The other zero-day vulnerabilities are EoP (Elevation of Privilege) issues, which attackers can use to run their code with higher privileges, up to full system rights. Such vulnerabilities are typically chained with an RCE vulnerability: the RCE gets attacker code onto the machine, and the EoP lets it run with full system rights, a combination ransomware groups love to use.
These vulnerabilities affect the Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706), the Ancillary Function Driver for WinSock (CVE-2025-32709) and the Desktop Window Manager core library (CVE-2025-30400).
Critical Windows vulnerabilities
Microsoft has identified two closely related vulnerabilities in the Remote Desktop Client as critical (CVE-2025-29966, CVE-2025-29967). If a user connects to a malicious RDP server, code can be injected and executed. The RCE vulnerability CVE-2025-29833 in the Virtual Machine Bus is also rated critical, although exploiting it requires the privileges of a logged-in user.
Security vulnerabilities in Office
Microsoft has fixed 18 vulnerabilities in its Office product family, including 17 RCE vulnerabilities. Two use-after-free vulnerabilities (CVE-2025-30377 and CVE-2025-30386) are classified as critical. For these two RCE vulnerabilities, the preview pane is an attack vector: merely displaying a prepared file in the preview is enough for a successful attack. The user doesn’t even have to click on it or open it.
Microsoft categorizes the other vulnerabilities as high risk. Nine of these RCE vulnerabilities are in Excel, three affect SharePoint, plus one each in PowerPoint and Outlook. With these vulnerabilities, a successful attack requires a user to open a specially prepared file. Malicious code can then be executed with user rights.
Security vulnerabilities in cloud services
On May 8th, Microsoft fixed six security vulnerabilities in Azure, Dataverse, and Power Apps that were classified as critical. These include CVE-2025-29813 (an EoP vulnerability in Azure) and two other Azure vulnerabilities. Microsoft customers don’t need to take any action.