Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

Posted on May 13, 2025 By CWS

Microsoft on Tuesday released security patches covering at least 70 vulnerabilities across the Windows OS and software stack and called urgent attention to five zero-days marked in the “exploitation detected” category.

As part of the scheduled batch of Patch Tuesday updates, Redmond’s security response team warned that malicious hackers are already exploiting bugs in the Microsoft Scripting Engine and the oft-targeted Windows Common Log File System (CLFS) Driver.

The five zero-days marked for immediate attention:

CVE-2025-30397 — Scripting Engine Memory Corruption Vulnerability (remote code execution). Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. This attack requires an authenticated user to click a link so that an unauthenticated attacker can initiate remote code execution.

CVE-2025-32709 — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. This is a use-after-free memory corruption bug that allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain administrator privileges.

CVE-2025-32706 — Windows Common Log File System Driver Elevation of Privilege Vulnerability. Microsoft describes this as an improper input validation flaw in Windows Common Log File System Driver that allows an authorized attacker to elevate privileges locally.

CVE-2025-32701 — Windows Common Log File System Driver Elevation of Privilege Vulnerability. This is a use-after-free memory corruption bug that allows an authorized attacker to elevate privileges locally.

CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability. Described as a use-after-free in Windows DWM that allows an authorized attacker to elevate privileges locally. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

The company did not publish indicators of compromise (IOCs) or telemetry data to help defenders hunt for infections. Information on the targeting and victims of the zero-days remains a mystery.

Microsoft has struggled to keep pace with attackers exploiting bugs in the CLFS and has been experimenting with a major new security mitigation to thwart a surge in cyberattacks from APT and ransomware threat actors.

The company has been adding Hash-based Message Authentication Codes (HMAC) to detect unauthorized modifications to CLFS log files and cover one of the most attractive Windows OS attack surfaces.

In all, Microsoft documented at least 70 security vulnerabilities across the Windows OS and software components, with six bulletins marked as “critical.”

The critical-severity bugs, which all carry remote code execution risk, affect the Windows Remote Desktop Services (allows an unauthorized attacker to execute code over a network); Microsoft Office (use-after-free allows an unauthorized attacker to execute code locally); and the Microsoft Virtual Machine Bus VMBUS race condition that allows an authorized attacker to execute code over a network.

