Microsoft Patch Tuesday: May 2025
Today, Microsoft released its expected update for the May patch on Tuesday. This update fixes 78 vulnerabilities. 11 are rated as critical, and 66 as important. Five of the vulnerabilities have already been exploited and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today, 8 had patches delivered earlier this month.
Notable Vulnerabilities:
CVE-2025-30397: This vulnerability is already exploited. It could lead to remote code execution if a user visits a malicious web page, but only if Edge is running in Internet Explorer mode.
The other four already exploited vulnerabilities are all privilege escalation vulnerabilities. The two already known vulnerabilities include a remote code execution vulnerability in Visual Studio and a spoofing vulnerability in Microsoft Defender.
Most of the critical vulnerabilities affect Microsoft Office and the Remote Desktop Client.
CVE-2025-29831 could be interesting: It is only rated "important", but it is described as a remote code execution issue in Windows Remote Desktop. No authorization is required to exploit the vulnerability. Exploitation relies on a race collation which is often not reliably exploitable (but exploitable). The attack has to be triggered while the server is being restarted. This may be exploitable if a denial of service vulnerability can be used to restart the system.
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability | |||||||
| CVE-2025-26646 | No | No | - | - | Important | 8.0 | 7.0 |
| Active Directory Certificate Services (AD CS) Denial of Service Vulnerability | |||||||
| CVE-2025-29968 | No | No | - | - | Important | 6.5 | 5.7 |
| Azure Automation Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29827 | No | No | - | - | Critical | 9.9 | 8.9 |
| Azure DevOps Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29813 | No | No | - | - | Critical | 10.0 | 9.0 |
| Azure Storage Resource Provider Spoofing Vulnerability | |||||||
| CVE-2025-29972 | No | No | - | - | Critical | 9.9 | 8.9 |
| Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability | |||||||
| CVE-2025-30387 | No | No | - | - | Important | 9.8 | 8.5 |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-24063 | No | No | - | - | Important | 7.8 | 6.8 |
| MS-EVEN RPC Remote Code Execution Vulnerability | |||||||
| CVE-2025-29969 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29973 | No | No | - | - | Important | 7.0 | 6.1 |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29970 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||||
| CVE-2025-30400 | No | Yes | - | - | Important | 7.8 | 7.2 |
| Microsoft Dataverse Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29826 | No | No | - | - | Important | 7.3 | 6.4 |
| Microsoft Dataverse Remote Code Execution Vulnerability | |||||||
| CVE-2025-47732 | No | No | - | - | Critical | 8.7 | 7.6 |
| Microsoft Defender Elevation of Privilege Vulnerability | |||||||
| CVE-2025-26684 | No | No | - | - | Important | 6.7 | 5.8 |
| Microsoft Defender for Identity Spoofing Vulnerability | |||||||
| CVE-2025-26685 | Yes | No | - | - | Important | 6.5 | 5.7 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
| CVE-2025-29825 | No | No | Less Likely | Less Likely | Low | 6.5 | 5.7 |
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2025-29977 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-29979 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30375 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30376 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30379 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30381 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30383 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30393 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-32704 | No | No | - | - | Important | 8.4 | 7.3 |
| Microsoft Office Remote Code Execution Vulnerability | |||||||
| CVE-2025-30377 | No | No | - | - | Critical | 8.4 | 7.3 |
| CVE-2025-30386 | No | No | - | - | Critical | 8.4 | 7.3 |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||||
| CVE-2025-32705 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft PC Manager Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29975 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Power Apps Information Disclosure Vulnerability | |||||||
| CVE-2025-47733 | No | No | - | - | Critical | 9.1 | 7.9 |
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2025-29978 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29976 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2025-30378 | No | No | - | - | Important | 7.0 | 6.1 |
| CVE-2025-30382 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2025-30384 | No | No | - | - | Important | 7.4 | 6.4 |
| Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | |||||||
| CVE-2025-29833 | No | No | - | - | Critical | 7.1 | 6.2 |
| Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability | |||||||
| CVE-2025-27488 | No | No | - | - | Important | 6.7 | 5.8 |
| Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability | |||||||
| CVE-2025-33072 | No | No | - | - | Critical | 8.1 | 7.1 |
| NTFS Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32707 | No | No | - | - | Important | 7.8 | 6.8 |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||||
| CVE-2025-29966 | No | No | - | - | Critical | 8.8 | 7.7 |
| CVE-2025-29967 | No | No | - | - | Critical | 8.8 | 7.7 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2025-30397 | No | Yes | - | - | Important | 7.5 | 7.0 |
| Universal Print Management Service Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29841 | No | No | - | - | Important | 7.0 | 6.1 |
| UrlMon Security Feature Bypass Vulnerability | |||||||
| CVE-2025-29842 | No | No | - | - | Important | 7.5 | 6.5 |
| Visual Studio Code Security Feature Bypass Vulnerability | |||||||
| CVE-2025-21264 | No | No | - | - | Important | 7.1 | 6.2 |
| Visual Studio Information Disclosure Vulnerability | |||||||
| CVE-2025-32703 | No | No | - | - | Important | 5.5 | 4.8 |
| Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2025-32702 | Yes | No | - | - | Important | 7.8 | 6.8 |
| Web Threat Defense (WTD.sys) Denial of Service Vulnerability | |||||||
| CVE-2025-29971 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32709 | No | Yes | - | - | Important | 7.8 | 6.8 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-32701 | No | Yes | - | - | Important | 7.8 | 7.2 |
| CVE-2025-32706 | No | Yes | - | - | Important | 7.8 | 7.2 |
| CVE-2025-30385 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Deployment Services Denial of Service Vulnerability | |||||||
| CVE-2025-29957 | No | No | - | - | Important | 6.2 | 5.4 |
| Windows ExecutionContext Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-29838 | No | No | - | - | Important | 7.4 | 6.4 |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||||
| CVE-2025-30388 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2025-29955 | No | No | - | - | Important | 6.2 | 5.4 |
| Windows Installer Information Disclosure Vulnerability | |||||||
| CVE-2025-29837 | No | No | - | - | Important | 5.5 | 4.8 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2025-29974 | No | No | - | - | Important | 5.7 | 5.0 |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2025-27468 | No | No | - | - | Important | 7.0 | 6.1 |
| Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | |||||||
| CVE-2025-29954 | No | No | - | - | Important | 5.9 | 5.2 |
| Windows Media Remote Code Execution Vulnerability | |||||||
| CVE-2025-29964 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29840 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29962 | No | No | - | - | Important | 8.8 | 7.7 |
| CVE-2025-29963 | No | No | - | - | Important | 8.8 | 7.7 |
| Windows Multiple UNC Provider Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-29839 | No | No | - | - | Important | 4.0 | 3.5 |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||||
| CVE-2025-29835 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | |||||||
| CVE-2025-30394 | No | No | - | - | Important | 5.9 | 5.2 |
| CVE-2025-26677 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||||
| CVE-2025-29831 | No | No | - | - | Important | 7.5 | 6.5 |
| Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | |||||||
| CVE-2025-29959 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29960 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29830 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29832 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29836 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29958 | No | No | - | - | Important | 6.5 | 5.7 |
| CVE-2025-29961 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows SMB Information Disclosure Vulnerability | |||||||
| CVE-2025-29956 | No | No | - | - | Important | 5.4 | 4.7 |
| Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability | |||||||
| CVE-2025-29829 | No | No | - | - | Important | 5.5 | 4.8 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
Keywords: microsoft patch tuesday
0 comment(s)
My next class:
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 14th - Jul 19th 2025 |
×
![modal content]()
Diary Archives
Comments