We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

Microsoft’s ‘Patch Tuesday’ Update Fixes Seven Zero-Day Exploits

May 14, 2025

Microsoft has rolled out its latest monthly Patch Tuesday update, addressing a total of 72 security vulnerabilities across its systems. Among these, five critical zero-day vulnerabilities have been actively exploited, with two having been publicly disclosed.

Patch Tuesday updates for May 2025

This month’s update is particularly significant due to the emphasis on zero-day vulnerabilities—flaws that are either actively exploited or publicly known prior to the release of an official fix. Of the five zero-days addressed, four pertain to elevation of privilege flaws. Specifically:

  • CVE-2025-32701 and CVE-2025-32706 target the Windows Common Log File System Driver.
  • CVE-2025-30400 affects the Microsoft DWM Core Library.
  • CVE-2025-32709 involves the Windows Ancillary Function Driver for WinSock.

These vulnerabilities grant attackers SYSTEM privileges locally, posing a significant risk to users. The fifth zero-day, identified as CVE-2025-30397, is a remote code execution vulnerability found in the Microsoft Scripting Engine. This flaw can be exploited if an authenticated user clicks on a malicious link in Microsoft Edge or Internet Explorer, enabling attackers to execute code over a network.

Notably, CVE-2025-30397, CVE-2025-32701, and CVE-2025-30400 were uncovered by the Microsoft Threat Intelligence Center. Meanwhile, CVE-2025-32706 was disclosed by the Google Threat Intelligence Group and the CrowdStrike Advanced Research Team, and CVE-2025-32709 was reported by an anonymous researcher. Microsoft has yet to provide details on how these vulnerabilities were exploited.

Among the publicly disclosed zero-days is a spoofing flaw in Microsoft Defender, labeled CVE-2025-26685. This vulnerability allows unauthenticated attackers with local area network access to impersonate another account, discovered by Joshua Murrell from NetSPI. The final zero-day, CVE-2025-32702, is a remote code execution vulnerability in Visual Studio, with limited details available from Microsoft.

How to protect your PC

To safeguard your system, it is crucial to install security updates promptly. Windows and Microsoft patches are typically downloaded and installed automatically. However, users can verify their system’s status by navigating to Start > Settings > Windows Update and selecting Check for Windows updates. Staying current with these updates is essential in minimizing risks and ensuring the integrity of your devices and data.

Winsage