Microsoft May 2025 Patch Tuesday: 72 Vulnerabilities Fixed Including Five Zero-Days and Six Critical Flaws

Microsoft has released its May 2025 Patch Tuesday update, addressing a total of 72 vulnerabilities across its product lineup. Among these, five are zero-day vulnerabilities that have been actively exploited in the wild, while six are rated as Critical, including five Remote Code Execution (RCE) flaws and one Information Disclosure vulnerability. These vulnerabilities are essential for mitigating risks such as remote code execution, privilege escalation, information disclosure, denial of service, security feature bypass, and spoofing. This significant update also includes non-security updates for Windows 10 and Windows 11, enhancing system stability and performance.

Why Patch Tuesday Matters

Patch Tuesday is Microsoft’s monthly release of security updates designed to fix vulnerabilities in its software, including Windows operating systems, Office applications, server products like Exchange and SQL Server, and other components. These vulnerabilities can be exploited by malicious actors to gain unauthorized access to systems, steal data, disrupt operations, or spread malware. Applying these updates promptly is essential to mitigate these risks.

Patch Tuesday updates are cumulative updates that usually only include minor patches and security fixes. 

Five Zero-Day Vulnerabilities Patched May 2025 Patch Tuesday

• CVE-2025-30400, an elevation of privilege (EoP) vulnerability in Microsoft DWM Core Library;
• CVE-2025-30397, a memory corruption leading to remote code execution (RCE) vulnerability in Scripting Engine;
• CVE-2025-32701, an EoP vulnerability in Windows Common Log File System Driver (CLFS);
• CVE-2025-32706, a second EoP flaw in CLFS;
• CVE-2025-32709, an EoP issue in Windows Ancillary Function Driver for WinSock (AFD.sys).

All five of these CVEs are listed by Microsoft as being exploited in the wild, but have not yet been made public. They are all rated as being of Important severity, and all save the Scripting Engine flaw carry CVSS ratings of 7.8.

Six Critical Vulnerabilities Patched May 2025 Patch Tuesday

• CVE-2025-29966 & CVE-2025-29967 – Remote Desktop Client Remote Code Execution Vulnerabilities
  Heap-based buffer overflow vulnerabilities in the Remote Desktop Client may allow unauthenticated attackers to achieve remote code execution.
• CVE-2025-30377 & CVE-2025-30386 – Microsoft Office Remote Code Execution Vulnerabilities
  Use-after-free vulnerabilities in Microsoft Office could be exploited by unauthenticated attackers to execute arbitrary code remotely.
• CVE-2025-29833 – Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
  A vulnerability in the Microsoft VMBus component used in Hyper-V environments may permit remote code execution by unauthenticated attackers.
• CVE-2025-26685 – Microsoft Defender for Identity Spoofing Vulnerability
  A spoofing vulnerability in Microsoft Defender for Identity could enable attackers to impersonate users or services, potentially bypassing security measures.

All six vulnerabilities are rated Critical by Microsoft, with potential for remote code execution or spoofing. There is currently no evidence of exploitation in the wild.

Windows 10 and Windows 11 Updates

In addition to the security patches, Microsoft released non-security updates for Windows 10 and Windows 11 to improve system performance and reliability.

Windows 11 Updates

Build 26100.4061 (KB5058411) for version 24H2 introduces Security fixes for the zero-days listed above. Continued rollout of AI features like “Recall,” “Click to Do,” and “Cocreator” in Clipchamp. Enhanced protections for the kernel and scripting engine. Fixes vulnerabilities affecting Windows Defender and DWM.

Windows 10 Update

Build 19045.5854 (KB5058379) for version 22H2 includes Fixes for all the critical and zero-day vulnerabilities. No new features, as Windows 10 is in maintenance mode. Fixes GPU issues in the Windows Subsystem for Linux 2 (WSL2), resolves system errors related to Event Viewer, and more.

Microsoft reminds users that Windows 10 support ends on October 14, 2025, and encourages upgrading to Windows 11 for continued updates and security.

Microsoft also confirmed that Microsoft 365 Apps will receive security updates on Windows 10 until October 2028, even after its EOL in October 2025.

Windows 7 and Windows 8.1 reached the End of support from Microsoft, which means the company no longer provides frequent updates or security patches for these operating systems. For more information please visit the Microsoft lifecycle page at https://learn.microsoft.com/en-us/lifecycle/end-of-support/end-of-support-2023

How to Obtain and Install the Updates

The primary method for obtaining and installing these updates is through Windows Update:

1. Windows Update: Go to Settings > Update & Security > Windows Update (or equivalent in older Windows versions) and check for updates.
2. WSUS/SCCM: Organizations using Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM) can deploy updates through their centralized management systems.
3. Microsoft Update Catalog: For specific updates or offline installations, you can download them directly from the Microsoft Update Catalog website.

Windows update offline installers:

• Windows 11 KB5058411 (Version 24H2) offline installer Direct Download Link 64-bit.
• Windows 11 KB5058405 (Version 23H2/22H2) offline installer Direct Download Link 64-bit.
• Windows 10 KB5058379 (For versions 22H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86).

Windows 10 KB5058392 (for version 1809) Offline Download Links

• KB5058392 64-bit | Download (696.9 MB)
• KB5058392 32-bit | Download (375.8 MB)

Important note:

• Focus on installing critical updates first, as they address the most severe vulnerabilities.
• Enable automatic updates to ensure that security patches are installed promptly.
• Before deploying updates to production systems, it’s recommended to test them in a non-production environment to identify any potential compatibility issues.
• Regularly check the Microsoft Security Update Guide for detailed information about released updates.

What time do Patch Tuesday patches come out?

• Microsoft schedules the release of security updates on “Patch Tuesday,” the second Tuesday of each month at 10:00 AM PST.

Is Patch Tuesday weekly or monthly?

• Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on June 10, 2025.

Why did the second Tuesday of every month called Patch Tuesday?

• The second Tuesday of the month is referred to as “Patch Tuesday” because Microsoft attempts to combine the largest updates into this maintenance window.

What is the latest update for Windows 11 May 2025?

• The latest Windows 11 KB5058411 for version 24H2 and KB5058379 is for Windows 10 version 22H/21H2.

What is the zero-day patch?

• The term “Zero-Day” is used when security teams are unaware of their software vulnerability, and they’ve had “0” days to work on a security patch or an update to fix the issue.