Microsoft has released its latest monthly Patch Tuesday update, this time offering fixes for 72 security vulnerabilities across its systems. Five of the malicious bugs addressed are zero-days that have been actively exploited, and two have been publicly disclosed.
As Bleeping Computer reports, the May update addresses 17 elevation of privilege flaws, two security feature bypass flaws, 28 remote code execution flaws, 15 information disclosure flaws, seven denial of service flaws, and two spoofing flaws. In addition to the zero-day exploits, six of the remote code execution vulnerabilities are labeled “critical” along with one information disclosure flaw.
If you’re a Windows or Microsoft user, you should ensure your systems are up to date.
Patch Tuesday updates for May 2025
While all of Microsoft’s security updates are important to maintain the integrity of your devices and data, this Patch Tuesday is particularly heavy on zero-days—flaws that are actively exploited or publicly disclosed before the developer issues an official fix.
Four of the five actively exploited zero-days fixed with this update are elevation of privilege flaws. CVE-2025-32701 and CVE-2025-32706 both affect Windows Common Log File System Driver, while CVE-2025-30400 affects Microsoft DWM Core Library, and CVE-2025-32709 Windows Ancillary Function Driver for WinSock. All allow attackers SYSTEM privileges locally.
The fifth active exploit is a remote code execution vulnerability (labeled CVE-2025-30397) in Microsoft Scripting Engine. The flaw can be exploited if an authenticated user clicks a fraudulent link in Microsoft Edge or Internet Explorer, allowing attackers to execute code over a network.
CVE-2025-30397, CVE-2025-32701, and CVE-2025-30400 were discovered by the Microsoft Threat Intelligence Center. CVE-2025-32706 was disclosed by the Google Threat Intelligence Group and the CrowdStrike Advanced Research Team, while CVE-2025-32709 came from an “anonymous” researcher. Microsoft has not disclosed how these flaws were exploited.
One of the publicly disclosed zero-days patched this month is a spoofing flaw in Microsoft Defender (CVE-2025-26685) that allows unauthenticated attackers with LAN access to spoof another account. This was discovered by Joshua Murrell with NetSPI. The final zero-day (CVE-2025-32702) is a remote code execution vulnerability in Visual Studio—Microsoft has not revealed any additional details.
How to protect your PC
You should always install security updates as soon as they become available to minimize the risk to your system. Windows and Microsoft patches are usually downloaded and installed automatically, but you can make sure your PC is good to go via Start > Settings > Windows Update and selecting Check for Windows updates.
