Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)
微软在2025年5月的补丁更新中修复了71个CVE漏洞,包括7个零日漏洞(其中5个已被利用),涉及.NET、Visual Studio、Azure等产品。主要漏洞类型为远程代码执行(39.4%)和权限提升(25.4%)。部分漏洞已被用于实际攻击。 2025-5-13 19:11:55 Author: www.tenable.com(查看原文) 阅读量:68 收藏

A blue gradient background with the Tenable Research logo at the top center. A grey box with sharp corners contains the word "MICROSOFT" in bold text with the word "PATCH TUESDAY" underneath it. At the bottom center of the image are the words "Zero-Day Vulnerabilities Exploited." For the May 2025 Patch Tuesday, Microsoft patched 71 CVEs including seven zero-day vulnerabilities.

  1. 5Critical
  2. 66Important
  3. 0Moderate
  4. 0Low

Microsoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.

Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important.

A pie chart showing the severity distribution across the Patch Tuesday CVEs patched in May 2025.

This month’s update includes patches for:

  • .NET, Visual Studio, and Build Tools for Visual Studio
  • Active Directory Certificate Services (AD CS)
  • Azure
  • Azure Automation
  • Azure DevOps
  • Azure File Sync
  • Azure Storage Resource Provider
  • Microsoft Brokering File System
  • Microsoft Dataverse
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Edge (Chromium-based)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft PC Manager
  • Microsoft Power Apps
  • Microsoft Scripting Engine
  • Remote Desktop Gateway Service
  • Role: Windows Hyper-V
  • Universal Print Management Service
  • UrlMon
  • Visual Studio
  • Visual Studio Code
  • Web Threat Defense (WTD.sys)
  • Windows Ancillary Function Driver for WinSock
  • Windows Common Log File System Driver
  • Windows Deployment Services
  • Windows Drivers
  • Windows DWM
  • Windows File Server
  • Windows Fundamentals
  • Windows Hardware Lab Kit
  • Windows Installer
  • Windows Kernel
  • Windows LDAP - Lightweight Directory Access Protocol
  • Windows Media
  • Windows NTFS
  • Windows Remote Desktop
  • Windows Routing and Remote Access Service (RRAS)
  • Windows Secure Kernel Mode
  • Windows SMB
  • Windows Trusted Runtime Interface Driver
  • Windows Virtual Machine Bus
  • Windows Win32K - GRFX

A bar chart showing the count by impact of CVEs patched in the May 2025 Patch Tuesday release.

Remote code execution (RCE) vulnerabilities accounted for 39.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 25.4%.

CVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerabilities

CVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Each was assigned a CVSSv3 score of 7.8 and are rated as important. Both CVE-2025-32701 and CVE-2025-32706 were exploited in the wild as zero-days while CVE-2025-30385 is assessed as “Exploitation More Likely” according to Microsoft’s Exploitability Index.

Prior to this month's release, Microsoft has patched two other EoP vulnerabilities in the Windows CLFS driver in 2025, including CVE-2025-29824, exploited as a zero-day vulnerability in the April 2025 Patch Tuesday release. In 2024, there were eight CLFS vulnerabilities patched, including one zero-day vulnerability in the CLFS driver that was exploited (CVE-2024-49138) and patched in the December 2024 Patch Tuesday release. Windows CLFS continues to be a popular attack vector for attackers and has been exploited by ransomware gangs.

CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-30400 is an EoP vulnerability in the Windows Desktop Windows Manager (DWM) Core library. It was assigned a CVSSv3 score of 7.8 and is rated as important. Microsoft notes that it was exploited as a zero-day. Successful exploitation would allow an attacker to elevate their privileges by exploiting a use after free flaw.

This is the seventh EoP vulnerability in DWM Core Library patched this year. Eight DWM vulnerabilities were patched in 2024, including one zero-day vulnerability that was actively exploited (CVE-2024-30051) and patched in the May 2024 Patch Tuesday release.

CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability

CVE-2025-30397 is a memory corruption vulnerability in Microsoft Scripting Engine that can be exploited to achieve arbitrary code execution on a target machine. It was assigned a CVSSv3 score of 7.5 and is rated as Important. The attack complexity is rated as high, and Microsoft notes the target must first be running Microsoft Edge in Internet Explorer mode. Successful exploitation requires the user to click on a crafted URL. This vulnerability was reportedly exploited in the wild as a zero-day.

CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability

CVE-2025-26685 is a spoofing vulnerability in Microsoft Defender for Identity. It was assigned a CVSSv3 score of 6.5 and is rated as Important. This vulnerability allows an unauthenticated attacker with Local Area Network (LAN) access to perform a spoofing attack. According to Microsoft, this vulnerability was disclosed prior to patches being made available.

CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-32709 is a EoP vulnerability in the Windows Ancillary Function Driver for WinSock. It was assigned a CVSSv3 score of 7.8 and rated as Important. An authenticated attacker can leverage this vulnerability to elevate their privileges to administrator by exploiting a user after free condition. Microsoft notes that this vulnerability was exploited in the wild as a zero-day, the second to be exploited in 2025, preceded by CVE-2025-21418 which was addressed in February’s Patch Tuesday release.

CVE-2025-32702 | Visual Studio Remote Code Execution Vulnerability

CVE-2025-32702 is a RCE vulnerability in Visual Studio. It was assigned a CVSSv3 score of 7.8 and rated as Important. Microsoft notes that the attack vector for this vulnerability is local, and that an unauthenticated attacker could exploit this flaw in order to execute code. This is the third RCE vulnerability in Visual Studio that was patched in 2025.

Tenable Solutions

A list of all the plugins released for Microsoft’s May 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

Tenable Security Response Team

Tenable Security Response Team

Tenable Security Response Team

The Tenable Security Response Team (SRT) tracks threat and vulnerability intelligence feeds to ensure our research teams can deliver sensor coverage to our products as quickly as possible. The SRT also works to analyze and assess technical details and writes white papers, blogs and additional communications to ensure stakeholders are fully informed of the latest risks and threats. The SRT provides breakdowns for the latest vulnerabilities on the Tenable blog.

  • Exposure Management
  • Vulnerability Management

Cybersecurity news you can use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose your subscription option:

Thank you

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology security you need.

Reduce the risk you don’t.

Request a demo

Don’t wait for an attack--eliminate risks before they’re exploited.

  • Uncover hidden weaknesses
  • Stop threats before they strike
  • Simplify security
  • Secure hybrid environments

Request a demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
in action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management in action

Know the exposure of every asset on any platform.

Get a demo of Tenable Enclave Security

Please fill out the form with your contact information and a sales representative will contact you shortly to schedule a demo.

Thank You

Thank you for your interest in Tenable Enclave Security. A representative will be in touch soon.

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
now available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

Get a demo of Tenable Patch Management

Interested in streamlining security and IT collaboration and shortening the mean time to remediate with automation? Try Tenable Patch Management.


文章来源: https://www.tenable.com/blog/microsofts-may-2025-patch-tuesday-addresses-71-cves-cve-2025-32701-cve-2025-32706
如有侵权请联系:admin#unsafe.sh