Cyber Web Spider Blog – News

Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server

Posted on May 14, 2025 By CWS

Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.
Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity. Twenty-eight of these vulnerabilities lead to remote code execution, 21 of them are privilege escalation bugs, and 16 others are classified as information disclosure flaws.
The updates are in addition to eight more security defects patched by the company in its Chromium-based Edge browser since the release of last month’s Patch Tuesday update.
The five vulnerabilities that have come under active exploitation in the wild are listed below:

  • CVE-2025-30397 (CVSS score: 7.5) – Scripting Engine Memory Corruption Vulnerability
  • CVE-2025-30400 (CVSS score: 7.8) – Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
  • CVE-2025-32701 (CVSS score: 7.8) – Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
  • CVE-2025-32706 (CVSS score: 7.8) – Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2025-32709 (CVSS score: 7.8) – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

While the first three flaws have been credited to Microsoft’s own threat intelligence team, Benoit Sevens of Google Threat Intelligence Group and the CrowdStrike Advanced Research Team have been acknowledged for the discovery of CVE-2025-32706. An anonymous researcher has been credited with reporting CVE-2025-32709.

“Another zero-day vulnerability has been identified in the Microsoft Scripting Engine, a key component used by Internet Explorer and Internet Explorer mode in Microsoft Edge,” Alex Vovk, CEO and co-founder of Action1, said about CVE-2025-30397.
“Attackers can exploit the flaw via a malicious web page or script that causes the scripting engine to misinterpret object types, resulting in memory corruption and arbitrary code execution in the context of the current user. If the user has administrative privileges, attackers could gain full system control – enabling data theft, malware installation, and lateral movement across networks.”

CVE-2025-30400 is the third privilege escalation flaw in DWM Core Library to be weaponized in the wild since 2023. In May 2024, Microsoft issued patches for CVE-2024-30051, which Kaspersky said was used in attacks distributing QakBot (aka Qwaking Mantis) malware.
“Since 2022, Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM,” Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.
“In fact, the April 2025 release included fixes for five DWM Core Library elevation of privilege vulnerabilities. Prior to CVE-2025-30400, only two DWM elevation of privilege bugs had been exploited as zero days – CVE-2024-30051 in 2024 and CVE-2023-36033 in 2023.”
CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation flaws to be discovered in the CLFS component and have been exploited in real-world attacks since 2022. Last month, Microsoft revealed that CVE-2025-29824 was exploited in limited attacks to target companies in the U.S., Venezuela, Spain, and Saudi Arabia.
CVE-2025-29824 is also said to have been exploited as a zero-day by threat actors linked to the Play ransomware family as part of an attack targeting an unnamed organization in the U.S., Broadcom-owned Symantec revealed earlier this month.
CVE-2025-32709, likewise, is the third privilege escalation flaw in the Ancillary Function Driver for WinSock component to have come under abuse within a span of a year, after CVE-2024-38193 and CVE-2025-21418. It’s worth noting that the exploitation of CVE-2024-38193 has been attributed to the North Korea-linked Lazarus Group.
The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add all five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by June 3, 2025.
Microsoft’s Patch Tuesday update also addresses a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684, CVSS score: 6.7) that could permit an authorized attacker to elevate privileges locally.
Stratascale researcher Rich Mirch, who is one of the two researchers acknowledged for reporting the vulnerability, said the issue is rooted in a Python helper script that includes a function (“grab_java_version()”) to determine the Java Runtime Environment (JRE) version.
“The function determines the location of the Java binary on disk by checking the /proc/<PID>/exe symbolic link and then executes the java -version command,” Mirch explained. “The problem is the Java binary could be running from an untrusted location. A malicious local unprivileged user can create a process with the name java or javaw, which will eventually be executed with root privileges to determine the version of the JRE.”
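
One way to guard against the pattern Mirch describes, as an added example (not Microsoft's code or its fix): before a root process executes a binary located through /proc/<PID>/exe, confirm that the file and every directory above it are root-owned and not group- or world-writable. The names chain_is_trusted, stat_chain and safe_java_version, and the sample paths, are assumptions made for illustration.

```python
import os
import stat
import subprocess

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH

# Constructed sample data: (path, owner_uid, mode) from the file up to "/".
SYSTEM_JAVA = [("/usr/lib/jvm/jre/bin/java", 0, 0o100755),
               ("/usr/lib/jvm/jre/bin", 0, 0o040755),
               ("/usr/lib/jvm/jre", 0, 0o040755), ("/usr/lib/jvm", 0, 0o040755),
               ("/usr/lib", 0, 0o040755), ("/usr", 0, 0o040755), ("/", 0, 0o040755)]
TMP_JAVA = [("/tmp/x/java", 1000, 0o100755), ("/tmp/x", 1000, 0o040755),
            ("/tmp", 0, 0o041777), ("/", 0, 0o040755)]

def chain_is_trusted(entries, trusted_uids=(0,)):
    """True only if no account outside trusted_uids could replace the file
    or any directory on the way to it."""
    for _path, uid, mode in entries:
        if uid not in trusted_uids or mode & WRITABLE_BY_OTHERS:
            return False
    return bool(entries)

def stat_chain(path):
    """Collect (path, uid, mode) for the resolved file and every ancestor."""
    current = os.path.realpath(path)
    entries = []
    while True:
        st = os.stat(current)
        entries.append((current, st.st_uid, st.st_mode))
        parent = os.path.dirname(current)
        if parent == current:          # reached the filesystem root
            return entries
        current = parent

def safe_java_version(pid):
    """Hypothetical hardened helper: run `<exe> -version` only when the
    binary sits in a location unprivileged users cannot control."""
    exe = os.readlink(f"/proc/{pid}/exe")  # any user can name a process "java"
    if not os.path.isfile(exe):            # e.g. target shown as "(deleted)"
        return None
    if not chain_is_trusted(stat_chain(exe)):
        return None                        # refuse to execute it as root
    out = subprocess.run([exe, "-version"], capture_output=True,
                         text=True, timeout=5, check=False)
    return out.stderr or out.stdout        # java prints its version on stderr
```

Because every path component must be root-owned and non-writable, an unprivileged user also cannot swap the file between the check and the execution.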

Another notable flaw is a spoofing vulnerability affecting Microsoft Defender for Identity (CVE-2025-26685, CVSS score: 6.5) that allows an attacker with LAN access to perform spoofing over an adjacent network.
“The lateral movement path detection feature can itself potentially be exploited by an adversary to obtain an NTLM hash,” Adam Barnett, lead software engineer at Rapid7, said in a statement. “The compromised credentials in this case would be those of the Directory Services account, and exploitation relies on achieving fallback from Kerberos to NTLM.”
The vulnerability with the maximum severity is CVE-2025-29813 (CVSS score: 10.0), a privilege escalation flaw in Azure DevOps Server that allows an unauthorized attacker to elevate privileges over a network. Microsoft said a fix for the shortcoming has already been deployed in the cloud and there is no action required on the part of customers.
Software Patches from Other Vendors
In addition to Microsoft, security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities, including —
