Microsoft’s “Patch Tuesday” Update Fixes Seven Zero-Day Exploits

Microsoft has released its latest monthly Patch Tuesday update, this time offering fixes for 72 security vulnerabilities in its systems. Five of the bugs addressed are zero-days that are being actively exploited, and two have been publicly disclosed.
As reported by Bleeping Computer, the May update fixes 17 privilege escalation bugs, two security feature bypass bugs, 28 remote code execution bugs, 15 information disclosure bugs, seven denial of service bugs, and two spoofing bugs. In addition to the zero-day exploits, six remote code execution vulnerabilities are marked as “critical” as well as one information disclosure vulnerability.
If you are a Windows or Microsoft user, you should make sure your systems are up to date.
May 2025 Patch Tuesday updates
While all Microsoft security updates are important to maintaining the integrity of your devices and data, this Patch Tuesday is especially riddled with zero days—flaws that are actively exploited or publicly disclosed before the developer releases an official fix.
Four of the five actively exploited zero-day vulnerabilities fixed in this update are privilege escalation vulnerabilities. CVE-2025-32701 and CVE-2025-32706 affect the Windows Common Log File System driver, while CVE-2025-30400 affects the Microsoft DWM Core Library and CVE-2025-32709 affects the Windows Ancillary Function Driver for WinSock. All of them provide attackers with SYSTEM privileges locally.
The fifth active exploit is a remote code execution vulnerability (designated CVE-2025-30397) in the Microsoft Scripting Engine. The vulnerability could be exploited if an authenticated user clicks on a fraudulent link in Microsoft Edge or Internet Explorer, allowing attackers to execute code over the network.
CVE-2025-30397, CVE-2025-32701, and CVE-2025-30400 were discovered by the Microsoft Threat Intelligence Center. CVE-2025-32706 was discovered by Google Threat Intelligence Group and CrowdStrike’s Advanced Research Group, while CVE-2025-32709 came from an “anonymous” researcher. Microsoft has not disclosed how these flaws were exploited.
One of the publicly disclosed zero-day fixes this month is a spoofing flaw in Microsoft Defender (CVE-2025-26685), which allows unauthenticated attackers with local network access to spoof another account. This was discovered by Joshua Murrell with NetSPI. The other publicly disclosed zero-day (CVE-2025-32702) is a remote code execution vulnerability in Visual Studio. Microsoft did not reveal any additional details.
How to protect your computer
You should always install security updates as soon as they become available to minimize the risk to your system. Windows and Microsoft patches are usually downloaded and installed automatically, but you can make sure your PC is up to date by going to Start > Settings > Windows Update and selecting Check for Windows Updates.