CSIRT-CAN – Centro de Respuesta a Incidentes de Seguridad de Canarias

Microsoft Security Patches – May 2025

On May 13, 2025, Microsoft released its monthly Patch Tuesday security update, addressing a total of 75 vulnerabilities. Five of these vulnerabilities have been identified as actively exploited zero-days, while two others have been publicly disclosed without evidence of exploitation. Additionally, 12 critical vulnerabilities, mainly related to Remote Code Execution (RCE) and privilege escalation, have been fixed.

These vulnerabilities impact a wide range of products, including Windows (10, 11, and server versions), Microsoft Office, Visual Studio, Edge (IE mode), and services such as Active Directory and Remote Desktop Gateway. The severity of this patch cycle highlights the urgent need to apply these updates.

Analysis

Actively Exploited Zero-days

  • CVE-2025-30397 (CVSS 7.5): Memory corruption in scripting engine (RCE), actively exploited.
  • CVE-2025-32706 (CVSS ND): Privilege escalation in CLFS, actively exploited.
  • CVE-2025-32701 (CVSS ND): Additional privilege escalation in CLFS, actively exploited.
  • CVE-2025-32709 (CVSS ND): Privilege escalation in Windows WinSock Helper, actively exploited.
  • CVE-2025-32392 (CVSS ND): Browser-based RCE in MSHTML (Edge IE mode), actively exploited.

Other Critical Vulnerabilities

  • CVE-2025-30504 (CVSS 9.8): Privilege escalation.
  • CVE-2025-30501 (CVSS 8.1): Remote code execution.
  • CVE-2025-30506 (CVSS 8.5): Remote code execution.
  • CVE-2025-30502 (CVSS 8.8): Remote code execution.

Affected Resources

  • Operating Systems: Windows 10 and 11.
  • Applications: Microsoft Edge (IE mode), Visual Studio, Microsoft Defender for Identity.
  • Services: Windows RRAS, Remote Desktop Gateway, Active Directory Certificate Services (AD CS).

Recommendations

  • Immediately apply all Microsoft-issued patches.
  • Prioritize mitigation of the 5 zero-days, especially on internet-facing systems.
  • Disable IE mode in Microsoft Edge if not necessary.
  • Review and strengthen security configurations in RRAS and Remote Desktop Gateway services.
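
For the recommendation to disable IE mode, the following PowerShell script is an added example and not part of the advisory. It audits the Microsoft Edge machine policies that govern IE mode and, with the example's own `-Enforce` switch, sets them to off. It assumes policies are read from the local machine policy key and that the script runs elevated.

```powershell
# Added example (not from the advisory): audit the Microsoft Edge machine
# policies that control IE mode; with -Enforce, set them to "off".
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Enforce)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

# Policy name -> value that turns IE mode off.
$desired = [ordered]@{
    InternetExplorerIntegrationLevel                 = 0  # 0=None, 1=IEMode, 2=NeedIE
    InternetExplorerIntegrationReloadInIEModeAllowed = 0  # 0=users cannot reload a tab in IE mode
}

function Get-EdgePolicyValue([string]$Name) {
    # Returns $null when the policy is not configured.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# An unconfigured policy is reported as non-compliant: the setting is then
# not enforced and can be changed locally.
$report = foreach ($name in $desired.Keys) {
    $current = Get-EdgePolicyValue $name
    [pscustomobject]@{
        Policy    = $name
        Current   = if ($null -eq $current) { '<not configured>' } else { $current }
        Desired   = $desired[$name]
        Compliant = ($current -eq $desired[$name])
    }
}
$report | Format-Table -AutoSize

# A configured site list means some sites may still depend on IE mode.
$siteList = Get-EdgePolicyValue 'InternetExplorerIntegrationSiteList'
if ($siteList) {
    Write-Warning "IE mode site list configured ($siteList); review it before enforcing."
}

if ($Enforce) {
    if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
    foreach ($name in $desired.Keys) {
        if ($PSCmdlet.ShouldProcess("$policyKey\$name", "Set to $($desired[$name])")) {
            New-ItemProperty -Path $policyKey -Name $name -Value $desired[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}
```

On domain-joined machines these values are normally delivered by Group Policy, which overwrites local registry edits at the next refresh, so make the change in the GPO and use the script only to audit.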