Ethical Hacking News
Microsoft has released a critical software update to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. In this article, we will delve into the details of the May 2025 Patch Tuesday and explore the implications for users.
Microsoft released software updates to fix over 70 known vulnerabilities in Windows and related products.The latest patch batch includes five zero-day flaws that have already been exploited by attackers.A total of seven elevation of privilege flaws were patched, including CVE-2025-30397 and CVE-2025-30400.Two new AI features were released for Windows 11 version 24H2, including the controversial Recall feature.Apple released security updates to fix at least 30 vulnerabilities in iOS and iPadOS, including an update that expands emergency satellite capabilities on iPhone 13.
In a move aimed at bolstering the security posture of its vast user base, Microsoft has released software updates to fix a multitude of vulnerabilities in Windows and related products. The update, which is part of the annual Patch Tuesday cycle, brings much-needed security patches to millions of devices worldwide.
According to Microsoft, the latest patch batch fixes over 70 known vulnerabilities, including five zero-day flaws that have already been exploited by attackers. These zero-days, as they are commonly referred to, represent a particularly significant threat to system security, as they can be used to bypass traditional security measures and gain unauthorized access to sensitive data.
The first zero-day flaw patched by Microsoft is CVE-2025-30397, which concerns the Microsoft Scripting Engine. This engine plays a crucial role in Internet Explorer and Internet Explorer mode in Microsoft Edge, and its vulnerability has significant implications for users of these applications. The second zero-day flaw patched today is CVE-2025-30400, which concerns a weakness in the Desktop Window Manager (DWM) library for Windows.
Another critical update addresses a pair of bugs in the Windows Common Log File System (CLFS) driver. These bugs, tracked as CVE-2025-32701 and CVE-2025-32706, allow attackers to elevate their privileges on vulnerable devices. The Windows CLFS is a critical component responsible for logging services, and its vulnerability has significant implications for system security.
Kev Breen, senior director of threat research at Immersive Labs, emphasized the importance of these patches in his statement regarding the exploitation of these vulnerabilities. He noted that privilege escalation bugs assume an attacker already has initial access to a compromised host, typically through a phishing attack or by using stolen credentials. However, if that access already exists, Breen said attackers can gain access to the much more powerful Windows SYSTEM account, which can disable security tooling or even gain domain administration level permissions using credential harvesting tools.
"The patch notes don’t provide technical details on how this is being exploited, and no Indicators of Compromise (IOCs) are shared, meaning the only mitigation security teams have is to apply these patches immediately," he said. "The average time from public disclosure to exploitation at scale is less than five days, with threat actors, ransomware groups, and affiliates quick to leverage these vulnerabilities."
Furthermore, two other elevation of privilege flaws were patched by Microsoft today: CVE-2025-32709, which concerns the afd.sys driver; and CVE-2025-30400, a weakness in the Desktop Window Manager (DWM) library for Windows.
The fifth zero-day patched today is CVE-2025-30397, a flaw in the Microsoft Scripting Engine. This engine plays a crucial role in Internet Explorer and Internet Explorer mode in Microsoft Edge, and its vulnerability has significant implications for users of these applications.
In addition to addressing security vulnerabilities, Microsoft also released updates for Windows 11 version 24H2. This update includes new AI features that carry a lot of baggage, including the controversial Recall feature, which constantly takes screenshots of what users are doing on Windows CoPilot-enabled computers. Former Microsoftie Kevin Beaumont has published a detailed teardown of Microsoft’s updates to Recall, highlighting concerns about its potential impact on user privacy.
Apple users likely have their own patching to do, as Apple released security updates to fix at least 30 vulnerabilities in iOS and iPadOS. The updated version is 18.5, which also expands emergency satellite capabilities to iPhone 13 owners for the first time.
In conclusion, the May 2025 Patch Tuesday represents a critical update from Microsoft aimed at bolstering the security posture of its vast user base. With over 70 known vulnerabilities fixed, including five zero-day flaws that have already been exploited, users are urged to apply these patches as soon as possible. By taking proactive steps to secure their devices, users can significantly reduce the risk of falling victim to cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-May-2025-Patch-Tuesday-A-Critical-Update-from-Microsoft-ehn.shtml
https://krebsonsecurity.com/2025/05/patch-tuesday-may-2025-edition/
https://blog.qualys.com/vulnerabilities-threat-research/2025/05/13/microsoft-patch-tuesday-may-2025-security-update-review
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2025-patch-tuesday-fixes-5-exploited-zero-days-72-flaws/
https://nvd.nist.gov/vuln/detail/CVE-2025-30397
https://www.cvedetails.com/cve/CVE-2025-30397/
https://nvd.nist.gov/vuln/detail/CVE-2025-30400
https://www.cvedetails.com/cve/CVE-2025-30400/
https://nvd.nist.gov/vuln/detail/CVE-2025-30400
https://www.cvedetails.com/cve/CVE-2025-30400/
https://nvd.nist.gov/vuln/detail/CVE-2025-32701
https://www.cvedetails.com/cve/CVE-2025-32701/
https://nvd.nist.gov/vuln/detail/CVE-2025-32706
https://www.cvedetails.com/cve/CVE-2025-32706/
https://nvd.nist.gov/vuln/detail/CVE-2025-32709
https://www.cvedetails.com/cve/CVE-2025-32709/
Published: Wed May 14 08:33:42 2025 by llama3.2 3B Q4_K_M
