Microsoft’s May Patch Tuesday: 74 Fixes, Including Critical and Weaponized Threats
The release consists of:
- 10 Critical and 64 Important fixes.
- Coverage across Windows, Windows Components, Microsoft Office, Visual Studio, SharePoint, Remote Desktop and Hyper-V.
- A combined CVSS score of 463.1, with an average severity of 7.2 – slightly lower than last month’s.
Robert Brown, Senior Director of Professional Services at Absolute, emphasizes the importance of prioritization in vulnerability management.
Patch Tuesday Recap: Top 3 Vulnerabilities You Need to Know As always, Patch Tuesday brings critical updates and security fixes to keep your systems protected. Here’s a breakdown of the most significant issues and why you should prioritise addressing them immediately.
1. CVE-2025-30400: Microsoft DWM Core Library Elevation of PrivilegeVulnerability
- Weaponized, Actively Exploited
The Microsoft DWM Core Library Elevation of Privilege Vulnerability is a security flaw that allows an attacker with local access to gain higher-level privileges on a Windows system. By exploiting this issue in the Desktop Window Manager (which handles visual elements in Windows), a malicious actor could execute code with elevated permissions, potentially taking full control of the affected device. This type of vulnerability is often used in combination with other attacks to move laterally or escalate access within a compromised environment. Prompt patching is recommended to mitigate the risk.
- Severity: Important | CVSS Score: 7.8
- Attack Vector: Local | Privileges Required: Low
- User Interaction: None | Complexity: Low
2. CVE-2025-32701 & CVE-2025-32706: Windows Common Log File System Driver Elevation of Privilege Vulnerability
- Weaponized, Actively Exploited
The Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability is a flaw in the CLFS component, which is used by Windows to manage structured logfiles. If exploited, an attacker with local access could run processes with elevated (SYSTEM-level) privileges, allowing them to gain full control over the system. This type of vulnerability is typically used after initial access is gained, enabling further compromise or persistence within an environment.
- Severity: Important | CVSS Score: 7.8
- Attack Vector: Local | Privileges Required: Low
- User Interaction: None | Complexity: Low
3. CVE-2025-32709: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- Weaponized, Actively Exploited
The Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability affects a core networking component used for Windows socket communication. If exploited, a local attacker could gain elevated privileges, potentially allowing them to execute code with SYSTEM-level access. This vulnerability could be leveraged as part of a broader attack chain to deepen control over a compromised system.
- Severity: Important | CVSS Score: 8.8
- Attack Vector: Network | Privileges Required: None
- User Interaction: Required | Complexity: Low
Final Thoughts: Act Now to Stay Secure
May Patch Tuesday highlights the ongoing risks of unpatched vulnerabilities, especially as attackers leverage AI and automation to identify new exploits faster than ever before.
- Prioritize patches for actively exploited and publicly disclosed vulnerabilities.
- Ensure your security team is equipped to respond quickly
- Consider leveraging automation and vulnerability management solutions to stay ahead of threats.
Need help implementing these patches or optimizing your cybersecurity strategy? Our team is here to assist you.
Until next time, Happy Patching!