Microsoft Releases May 2025 Security Updates
May 16, 2025 GMT+08:00
I. Overview
Huawei Cloud noticed that Microsoft has released its May 2025 Security Updates. A total of 71 security vulnerabilities have been disclosed, among which 5 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to achieve remote code execution, privilege escalation, and security feature bypass. Affected applications include Microsoft Windows, Microsoft Office, Microsoft Azure, and .NET.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2025-May
The following vulnerabilities require close scrutiny as their details have been disclosed or they have already been exploited by attackers:
Scripting Engine Memory Corruption Vulnerability (CVE-2025-30397): This is a zero-day vulnerability. Remote attackers can exploit this vulnerability by enticing victims to open a maliciously crafted URL. Successful exploitation can lead to arbitrary code execution on the affected system. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft DWM Core Library Elevation of Privilege Vulnerability (CVE-2025-30400): This is a zero-day vulnerability. Attackers who successfully exploit this vulnerability can obtain system privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2025-32701): This zero-day vulnerability, caused by a use-after-free error within the Windows Common Log File System driver, could be exploited by attackers to gain system-level privileges. This vulnerability has been exploited in the wild, and the risk is high.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2025-32706): This zero-day vulnerability arises from inadequate validation of user-supplied data within the Windows Common Log File System driver, potentially allowing attackers to escalate their privileges to the system level. This vulnerability has been exploited in the wild, and the risk is high.
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability (CVE-2025-32709): This zero-day vulnerability stems from a use-after-free error within the Windows Ancillary Function Driver for WinSock. Authenticated attackers could exploit this vulnerability to gain administrator-level privileges. This vulnerability has been exploited in the wild, and the risk is high.
Microsoft Defender for Identity Spoofing Vulnerability (CVE-2025-26685): Unauthenticated attackers with Local Area Network (LAN) access can exploit this vulnerability to conduct spoofing attacks. Successful exploitation could result in the leakage of sensitive information. The vulnerability has been disclosed, and the risk is high.
Visual Studio Remote Code Execution Vulnerability (CVE-2025-32702): Attackers can exploit this vulnerability by persuading victims to download and open a specially crafted file from a website. Successful exploitation could lead to remote code execution on the target system. The vulnerability has been disclosed, and the risk is high.
Eight vulnerabilities (such as CVE-2025-30386, CVE-2025-24063, and CVE-2025-29976) are marked as Exploitation More Likely. For details, see the official announcement. Perform security self-checks and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, Microsoft Azure, and .NET
IV. Vulnerability Details
| CVE ID | Vulnerability | Severity | Description |
| --- | --- | --- | --- |
| CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability | Important | A use-after-free vulnerability exists in Microsoft Office. This vulnerability could allow unauthorized attackers to execute arbitrary code locally on a vulnerable system. |
| CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability | Important | An authenticated attacker can exploit this vulnerability by enticing victims to download and open a specially crafted file from a website. Successful exploitation could result in remote code execution on the target system. |
| CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability | Important | Attackers can exploit this vulnerability by enticing victims to click a specially crafted link. Successful exploitation may allow attackers to execute arbitrary code remotely on the target system. |
| CVE-2025-29967, CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability | Important | In a remote desktop connection scenario, if a victim uses a vulnerable remote desktop client to connect to an attacker's server, the attacker who controls the remote desktop server can trigger remote code execution (RCE) on the victim's RDP client computer. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.