Microsoft’s May 2025 Patch Tuesday update addresses 72 vulnerabilities, including five zero-day flaws actively exploited in the wild. These vulnerabilities span various Windows components, posing significant security risks.
Five Actively Exploited Zero-Day Vulnerabilities
- CVE-2025-30400: A use-after-free vulnerability in the Desktop Window Manager (DWM) Core Library allows attackers to gain SYSTEM privileges. This flaw affects Windows 10 and later versions, as well as Windows Server 2016 and newer.
- CVE-2025-32701: A memory corruption issue in the Windows Common Log File System (CLFS) Driver can be exploited to elevate privileges to SYSTEM. This vulnerability has been actively exploited.
- CVE-2025-32706: An improper input validation flaw in the CLFS Driver, similar to CVE-2025-32701, also allows for privilege escalation to SYSTEM. Active exploitation has been observed.
- CVE-2025-32709: A use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock permits attackers to elevate privileges to administrator level. This flaw has been exploited in the wild.
- CVE-2025-30397: A memory corruption vulnerability in the Microsoft Scripting Engine can lead to remote code execution if a user is tricked into visiting a malicious website. This vulnerability has been actively exploited.
Additional Vulnerabilities Addressed
Taken across the whole release (the five zero-days above are included in these counts, which sum to 72), the patched vulnerabilities break down by impact as follows:
- Remote Code Execution (RCE): 29 vulnerabilities, including issues in Microsoft Office and Remote Desktop Client.
- Elevation of Privilege: 18 vulnerabilities across various Windows components.
- Information Disclosure: 14 vulnerabilities that could expose sensitive information.
- Denial of Service: 7 vulnerabilities that could disrupt system availability.
- Spoofing: 2 vulnerabilities, including one in Microsoft Defender for Identity (CVE-2025-26685).
- Security Feature Bypass: 2 vulnerabilities that could allow attackers to bypass security measures.
Recommendations
Given the active exploitation of several vulnerabilities, it is crucial for organizations and individuals to apply these patches promptly. Delaying updates increases the risk of compromise.
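One way to act on that recommendation at scale is to verify, per host, that the May 2025 cumulative update has actually landed. The PowerShell script below is an added example written for this summary, not Microsoft's tooling: it reads the installed build and Update Build Revision (UBR) from the registry, reports the file versions of the components named above (the file names for the CLFS driver, AFD, DWM Core Library and the Scripting Engine are assumed, and the Scripting Engine may ship as more than one DLL), and lists the most recently installed hotfixes. The minimum-UBR table is a placeholder: fill it in from the Microsoft KB article for each Windows build you manage, since the page does not state those values.

```powershell
# Added example (not part of the advisory): report whether a host carries the
# May 2025 Patch Tuesday update and show the state of the affected components.
# Run in an elevated PowerShell session on the host being checked.

# Component file names are ASSUMED for illustration; confirm against your build.
$components = @{
    'CLFS driver (CVE-2025-32701, CVE-2025-32706)' = "$env:SystemRoot\System32\drivers\clfs.sys"
    'AFD for WinSock (CVE-2025-32709)'             = "$env:SystemRoot\System32\drivers\afd.sys"
    'DWM Core Library (CVE-2025-30400)'            = "$env:SystemRoot\System32\dwmcore.dll"
    'Scripting Engine, JScript (CVE-2025-30397)'   = "$env:SystemRoot\System32\jscript.dll"
    'Scripting Engine, JScript9 (CVE-2025-30397)'  = "$env:SystemRoot\System32\jscript9.dll"
}

# PLACEHOLDER: minimum UBR that contains the May 2025 update, keyed by build.
# 0 means "not filled in yet"; replace with the value from the relevant KB.
$patchedUbr = @{
    19045 = 0   # Windows 10 22H2  - replace 0 with the May 2025 UBR
    22631 = 0   # Windows 11 23H2  - replace 0 with the May 2025 UBR
    26100 = 0   # Windows 11 24H2  - replace 0 with the May 2025 UBR
}

function Get-PatchStatus {
    # CurrentBuild and UBR together identify the installed cumulative update level.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    $status = [ordered]@{
        Host        = $env:COMPUTERNAME
        Build       = "$build.$ubr"
        BuildKnown  = $patchedUbr.ContainsKey($build)
        Patched     = 'unknown'
    }
    # Only claim "patched" when a real threshold has been filled in for this build.
    if ($patchedUbr.ContainsKey($build) -and $patchedUbr[$build] -gt 0) {
        $status.Patched = ($ubr -ge $patchedUbr[$build])
    }
    [pscustomobject]$status
}

function Get-ComponentVersions {
    foreach ($name in $components.Keys) {
        $path = $components[$name]
        if (Test-Path $path) {
            $item = Get-Item $path
            [pscustomobject]@{
                Component   = $name
                FileVersion = $item.VersionInfo.FileVersion
                LastWrite   = $item.LastWriteTime
            }
        } else {
            [pscustomobject]@{ Component = $name; FileVersion = 'not present'; LastWrite = $null }
        }
    }
}

function Get-RecentHotfixes {
    # Most recent security/cumulative updates recorded by the servicing stack.
    Get-HotFix |
        Where-Object { $_.Description -match 'Security|Update' } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn
}

Get-PatchStatus       | Format-List
Get-ComponentVersions | Sort-Object Component | Format-Table -AutoSize
Get-RecentHotfixes    | Format-Table -AutoSize
```

The build/UBR comparison is the reliable signal; file versions and hotfix dates are shown alongside it so an analyst can spot hosts where the update reported as installed but the affected binaries were not actually replaced (for example, a pending reboot). Feed the objects into your inventory or SIEM rather than reading the tables by hand when checking a fleet.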