

Ethical Hacking News

Microsoft Addresses 78 Security Flaws, Including 5 Zero-Day Exploits



Microsoft has addressed 78 security flaws, including five zero-day exploits. Among the most critical is CVE-2025-29813, a privilege escalation flaw in Azure DevOps Server that allows an unauthorized attacker to elevate privileges over a network.

  • Microsoft's Patch Tuesday update addressed 78 security flaws across its software lineup, including five zero-day exploits.
  • CVE-2025-29813 is a critical privilege escalation flaw in Azure DevOps Server that allows unauthorized attackers to elevate privileges over a network.
  • A scripting engine memory corruption vulnerability (CVE-2025-30397) can be exploited via a malicious web page or script, allowing attackers to gain control over the system.
  • Microsoft Desktop Window Manager (DWM) Core Library elevation of privilege vulnerability (CVE-2025-30400) has been exploited in real-world attacks since 2022.
  • A privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684) allows authorized attackers to elevate privileges locally.
  • A spoofing vulnerability affecting Microsoft Defender for Identity (CVE-2025-26685) can be exploited by an adversary to obtain an NTLM hash and potentially gain access to the Directory Services account.



    Microsoft's Patch Tuesday update has brought much-needed relief to organizations and individuals alike by addressing a total of 78 security flaws across its software lineup. Among these, five zero-day exploits have been identified, with the most critical one being CVE-2025-29813, a privilege escalation flaw in Azure DevOps Server that allows an unauthorized attacker to elevate privileges over a network.

    The vulnerabilities were discovered and patched by Microsoft's threat intelligence team, while other researchers such as Benoit Sevens of Google Threat Intelligence Group and the CrowdStrike Advanced Research Team have been credited with identifying CVE-2025-32706. An anonymous researcher has also been acknowledged for reporting CVE-2025-32709. The discovery of these vulnerabilities highlights the importance of timely patches and the need for organizations to prioritize their security posture.

    One of the most significant flaws addressed in this update is CVE-2025-30397, a scripting engine memory corruption vulnerability that can be exploited via a malicious web page or script. Attackers can leverage this flaw to gain control over the system, including accessing sensitive data and executing arbitrary code. In fact, Alex Vovk, CEO and co-founder of Action1, warned that if an attacker gains control over the system, they could potentially steal data, install malware, and move laterally across networks.

    Another notable vulnerability is CVE-2025-30400, a Microsoft Desktop Window Manager (DWM) Core Library elevation of privilege vulnerability. This flaw has been exploited in real-world attacks since 2022 and can be weaponized by attackers to gain elevated privileges on the system. Satnam Narang, senior staff research engineer at Tenable, noted that this is not an isolated incident, as Patch Tuesday has addressed 26 elevation of privilege vulnerabilities in DWM since 2022.

    In addition to these critical flaws, other notable vulnerabilities include CVE-2025-32701 and CVE-2025-32706, which are both related to the Windows Common Log File System (CLFS) component. These flaws have also been exploited in real-world attacks since 2022 and can be used by attackers to gain elevated privileges on the system.

    Furthermore, a privilege escalation bug in Microsoft Defender for Endpoint for Linux (CVE-2025-26684) has been identified, which could allow an authorized attacker to elevate privileges locally. Rich Mirch, one of the researchers who reported this vulnerability, explained that the issue is rooted in a Python helper script that includes a function ("grab_java_version()") to determine the Java Runtime Environment (JRE) version.

    Additionally, a spoofing vulnerability affecting Microsoft Defender for Identity (CVE-2025-26685) has been discovered, which allows an attacker with LAN access to perform spoofing over an adjacent network. Adam Barnett, lead software engineer at Rapid7, noted that this vulnerability can be exploited by an adversary to obtain an NTLM hash and potentially gain access to the Directory Services account.

    The latest patch update also addresses a privilege escalation flaw in Azure DevOps Server, CVE-2025-29813, which allows an unauthorized attacker to elevate privileges over a network. Microsoft stated that the fix for this shortcoming has already been deployed in the cloud and that no action is required on the part of customers.

    In conclusion, Microsoft's Patch Tuesday update has brought much-needed relief to organizations and individuals by addressing 78 security flaws across its software lineup, including five zero-day exploits. It is essential for organizations to prioritize their security posture and apply these patches as soon as possible to prevent potential attacks.





  • Published: Wed May 14 04:53:45 2025 by llama3.2 3B Q4_K_M












