Microsoft Patch Tuesday: May 2025

    Published: 2025-05-13. Last Updated: 2025-05-13 17:57:17 UTC
    by Johannes Ullrich (Version: 1)
    0 comment(s)

    Today, Microsoft released its expected update for the May patch on Tuesday. This update fixes 78 vulnerabilities. 11 are rated as critical, and 66 as important. Five of the vulnerabilities have already been exploited and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today, 8 had patches delivered earlier this month.

    Notable Vulnerabilities:

    CVE-2025-30397: This vulnerability is already exploited. It could lead to remote code execution if a user visits a malicious web page, but only if Edge is running in Internet Explorer mode.

    The other four already exploited vulnerabilities are all privilege escalation vulnerabilities. The two already known vulnerabilities include a remote code execution vulnerability in Visual Studio and a spoofing vulnerability in Microsoft Defender.

    Most of the critical vulnerabilities affect Microsoft Office and the Remote Desktop Client. 

    CVE-2025-29831 could be interesting: It is only rated "important", but it is described as a remote code execution issue in Windows Remote Desktop. No authorization is required to exploit the vulnerability. Exploitation relies on a race collation which is often not reliably exploitable (but exploitable). The attack has to be triggered while the server is being restarted. This may be exploitable if a denial of service vulnerability can be used to restart the system.

    Description
    CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
    .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
    CVE-2025-26646 No No - - Important 8.0 7.0
    Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
    CVE-2025-29968 No No - - Important 6.5 5.7
    Azure Automation Elevation of Privilege Vulnerability
    CVE-2025-29827 No No - - Critical 9.9 8.9
    Azure DevOps Server Elevation of Privilege Vulnerability
    CVE-2025-29813 No No - - Critical 10.0 9.0
    Azure Storage Resource Provider Spoofing Vulnerability
    CVE-2025-29972 No No - - Critical 9.9 8.9
    Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
    CVE-2025-30387 No No - - Important 9.8 8.5
    Kernel Streaming Service Driver Elevation of Privilege Vulnerability
    CVE-2025-24063 No No - - Important 7.8 6.8
    MS-EVEN RPC Remote Code Execution Vulnerability
    CVE-2025-29969 No No - - Important 7.5 6.5
    Microsoft Azure File Sync Elevation of Privilege Vulnerability
    CVE-2025-29973 No No - - Important 7.0 6.1
    Microsoft Brokering File System Elevation of Privilege Vulnerability
    CVE-2025-29970 No No - - Important 7.8 6.8
    Microsoft DWM Core Library Elevation of Privilege Vulnerability
    CVE-2025-30400 No Yes - - Important 7.8 7.2
    Microsoft Dataverse Elevation of Privilege Vulnerability
    CVE-2025-29826 No No - - Important 7.3 6.4
    Microsoft Dataverse Remote Code Execution Vulnerability
    CVE-2025-47732 No No - - Critical 8.7 7.6
    Microsoft Defender Elevation of Privilege Vulnerability
    CVE-2025-26684 No No - - Important 6.7 5.8
    Microsoft Defender for Identity Spoofing Vulnerability
    CVE-2025-26685 Yes No - - Important 6.5 5.7
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    CVE-2025-29825 No No Less Likely Less Likely Low 6.5 5.7
    Microsoft Excel Remote Code Execution Vulnerability
    CVE-2025-29977 No No - - Important 7.8 6.8
    CVE-2025-29979 No No - - Important 7.8 6.8
    CVE-2025-30375 No No - - Important 7.8 6.8
    CVE-2025-30376 No No - - Important 7.8 6.8
    CVE-2025-30379 No No - - Important 7.8 6.8
    CVE-2025-30381 No No - - Important 7.8 6.8
    CVE-2025-30383 No No - - Important 7.8 6.8
    CVE-2025-30393 No No - - Important 7.8 6.8
    CVE-2025-32704 No No - - Important 8.4 7.3
    Microsoft Office Remote Code Execution Vulnerability
    CVE-2025-30377 No No - - Critical 8.4 7.3
    CVE-2025-30386 No No - - Critical 8.4 7.3
    Microsoft Outlook Remote Code Execution Vulnerability
    CVE-2025-32705 No No - - Important 7.8 6.8
    Microsoft PC Manager Elevation of Privilege Vulnerability
    CVE-2025-29975 No No - - Important 7.8 6.8
    Microsoft Power Apps Information Disclosure Vulnerability
    CVE-2025-47733 No No - - Critical 9.1 7.9
    Microsoft PowerPoint Remote Code Execution Vulnerability
    CVE-2025-29978 No No - - Important 7.8 6.8
    Microsoft SharePoint Server Elevation of Privilege Vulnerability
    CVE-2025-29976 No No - - Important 7.8 6.8
    Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2025-30378 No No - - Important 7.0 6.1
    CVE-2025-30382 No No - - Important 7.8 6.8
    CVE-2025-30384 No No - - Important 7.4 6.4
    Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
    CVE-2025-29833 No No - - Critical 7.1 6.2
    Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
    CVE-2025-27488 No No - - Important 6.7 5.8
    Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
    CVE-2025-33072 No No - - Critical 8.1 7.1
    NTFS Elevation of Privilege Vulnerability
    CVE-2025-32707 No No - - Important 7.8 6.8
    Remote Desktop Client Remote Code Execution Vulnerability
    CVE-2025-29966 No No - - Critical 8.8 7.7
    CVE-2025-29967 No No - - Critical 8.8 7.7
    Scripting Engine Memory Corruption Vulnerability
    CVE-2025-30397 No Yes - - Important 7.5 7.0
    Universal Print Management Service Elevation of Privilege Vulnerability
    CVE-2025-29841 No No - - Important 7.0 6.1
    UrlMon Security Feature Bypass Vulnerability
    CVE-2025-29842 No No - - Important 7.5 6.5
    Visual Studio Code Security Feature Bypass Vulnerability
    CVE-2025-21264 No No - - Important 7.1 6.2
    Visual Studio Information Disclosure Vulnerability
    CVE-2025-32703 No No - - Important 5.5 4.8
    Visual Studio Remote Code Execution Vulnerability
    CVE-2025-32702 Yes No - - Important 7.8 6.8
    Web Threat Defense (WTD.sys) Denial of Service Vulnerability
    CVE-2025-29971 No No - - Important 7.5 6.5
    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2025-32709 No Yes - - Important 7.8 6.8
    Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2025-32701 No Yes - - Important 7.8 7.2
    CVE-2025-32706 No Yes - - Important 7.8 7.2
    CVE-2025-30385 No No - - Important 7.8 6.8
    Windows Deployment Services Denial of Service Vulnerability
    CVE-2025-29957 No No - - Important 6.2 5.4
    Windows ExecutionContext Driver Elevation of Privilege Vulnerability
    CVE-2025-29838 No No - - Important 7.4 6.4
    Windows Graphics Component Remote Code Execution Vulnerability
    CVE-2025-30388 No No - - Important 7.8 6.8
    Windows Hyper-V Denial of Service Vulnerability
    CVE-2025-29955 No No - - Important 6.2 5.4
    Windows Installer Information Disclosure Vulnerability
    CVE-2025-29837 No No - - Important 5.5 4.8
    Windows Kernel Information Disclosure Vulnerability
    CVE-2025-29974 No No - - Important 5.7 5.0
    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
    CVE-2025-27468 No No - - Important 7.0 6.1
    Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
    CVE-2025-29954 No No - - Important 5.9 5.2
    Windows Media Remote Code Execution Vulnerability
    CVE-2025-29964 No No - - Important 8.8 7.7
    CVE-2025-29840 No No - - Important 8.8 7.7
    CVE-2025-29962 No No - - Important 8.8 7.7
    CVE-2025-29963 No No - - Important 8.8 7.7
    Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
    CVE-2025-29839 No No - - Important 4.0 3.5
    Windows Remote Access Connection Manager Information Disclosure Vulnerability
    CVE-2025-29835 No No - - Important 6.5 5.7
    Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
    CVE-2025-30394 No No - - Important 5.9 5.2
    CVE-2025-26677 No No - - Important 7.5 6.5
    Windows Remote Desktop Services Remote Code Execution Vulnerability
    CVE-2025-29831 No No - - Important 7.5 6.5
    Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
    CVE-2025-29959 No No - - Important 6.5 5.7
    CVE-2025-29960 No No - - Important 6.5 5.7
    CVE-2025-29830 No No - - Important 6.5 5.7
    CVE-2025-29832 No No - - Important 6.5 5.7
    CVE-2025-29836 No No - - Important 6.5 5.7
    CVE-2025-29958 No No - - Important 6.5 5.7
    CVE-2025-29961 No No - - Important 6.5 5.7
    Windows SMB Information Disclosure Vulnerability
    CVE-2025-29956 No No - - Important 5.4 4.7
    Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
    CVE-2025-29829 No No - - Important 5.5 4.8

     

    ---
    Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
    Twitter|

    Keywords: microsoft patch tuesday
    0 comment(s)
    ISC Stormcast For Tuesday, May 13th, 2025 https://isc.sans.edu/podcastdetail/9448

      Comments

      Login here to join the discussion.


      Diary Archives