56juqingba.com – What's Your Question? Windows What Zero-Day Vulnerabilities Did Microsoft Fix in the May Patch Tuesday Update?

What Zero-Day Vulnerabilities Did Microsoft Fix in the May Patch Tuesday Update?

2025年12月24日2025年12月24日| lichongyanglichongyang| 0 Comment| 下午6:52
Categories:

May Patch Tuesday: Microsoft Fixes Five Actively Exploited Windows Zero-Day Vulnerabilities

While the five Windows zero-day vulnerabilities fixed in May Patch Tuesday can be resolved with Microsoft’s cumulative update, many organizations face additional challenges due to a large Windows update package that introduces new AI-powered features for modern Windows systems.

In total, Microsoft addressed 72 new CVEs, including:

  • 5 actively exploited Windows zero-days
  • 2 publicly disclosed vulnerabilities
  • 6 critical-severity flaws

Microsoft also republished two security updates to deliver more complete fixes for:

  • Windows Remote Desktop Services RCE (CVE-2024-49128)
  • Microsoft Office RCE (CVE-2025-26629)

Five Actively Exploited Windows Zero-Days Lead May Patch Tuesday

All five zero-days reside in the Windows operating system and are rated “Important”, despite confirmed exploitation in the wild.

“Update your OS this month, and you’ve addressed the majority of the risk,”
Chris Goettl, VP of Product Management, Ivanti

1. Windows Ancillary Function Driver for Winsock EoP

CVE-2025-32709 | CVSS: 7.8

  • Affects Windows Server 2012 and later
  • Requires local access and low privileges
  • Can lead to administrator-level privileges

📎 Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32709

2–3. Windows Common Log File System Driver EoP

CVE-2025-32701 & CVE-2025-32706 | CVSS: 7.8

  • Nearly identical vulnerabilities
  • One caused by memory corruption
  • One caused by improper input validation

Successful exploitation allows attackers to:

  • Elevate privileges
  • Access protected folders
  • Disable security controls

📎 References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32701
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32706

4. Desktop Window Manager (DWM) Core Library EoP

CVE-2025-30400 | CVSS: 7.8

  • Affects Windows 10+ and Windows Server 2016+
  • Grants SYSTEM-level privileges

📎 Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30400

5. Scripting Engine Memory Corruption

CVE-2025-30397 | CVSS: 7.5

  • Enables remote code execution
  • Particularly risky in environments using IE compatibility mode in Microsoft Edge

Organizations using security-only updates must also apply Internet Explorer cumulative updates, as scripting components reside in the Windows OS.

📎 Reference:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397

CVSS Scores vs Real-World Risk

Despite active exploitation, none of the zero-days scored above 8.0.

Goettl criticized the CVSS model:

“It’s a static algorithm that doesn’t weigh known exploitation heavily enough, often misleading organizations.”

Microsoft Fixes Two Publicly Disclosed Vulnerabilities

Visual Studio RCE

  • CVE: undisclosed (Visual Studio 2019 / 2022)
  • CVSS: 7.8
  • Requires user interaction
  • Limited to local execution

Microsoft Defender for Identity Spoofing

CVE-2025-26685 | CVSS: 6.5

  • Requires LAN access
  • Most customers protected via automatic updates
  • Manual action needed only in disconnected environments

📎 Defender for Identity:
https://learn.microsoft.com/defender-for-identity/

Microsoft Office and SharePoint Security Updates

Office Highlights

  • 17 CVEs total
  • 9 affect Microsoft Excel
  • Two critical RCE flaws:
    • CVE-2025-30377
    • CVE-2025-30386 (more likely to be exploited)

SharePoint Server Vulnerabilities

CVETypeCVSSNotes
CVE-2025-29976EoP7.8Local, low privileges
CVE-2025-30382RCE7.8User interaction required

📎 SharePoint Security Updates:
https://learn.microsoft.com/sharepoint/security-for-sharepoint-server

Large Windows Update Introduces New AI Features

May Patch Tuesday also delivers AI capabilities to:

  • Windows 11
  • Windows Server 2025

⚠️ Update size: ~4 GB (vs ~400 MB typical)

Key AI Features

  • Recall
    A searchable activity timeline with enhanced security and privacy controls
  • Click to Do
    Context-based actions on selected text or images, similar to Android’s “Circle to Search”
  • Improved Windows Search
    Natural language search powered by neural processing

📎 Windows AI Features Overview:
https://learn.microsoft.com/windows/ai/

Hardware Requirements: Copilot+ PCs

Not all systems support these AI features. Requirements include:

  • Copilot+ PC
  • NPU ≥ 40 TOPS
  • Some features require Secured-core PCs

📎 Copilot+ PC requirements:
https://learn.microsoft.com/windows/ai/copilot-plus-pcs

References

  1. Microsoft Security Response Center (MSRC)
  2. Microsoft Learn – Windows & Security Updates
  3. CVE Details (NVD)
  4. Informa TechTarget – Search Windows Server
  5. Ivanti Security Research

Related Post