Microsoft's Patch Tuesday for May 2025 addresses 78 vulnerabilities across its product suite, including five zero-day vulnerabilities that are already being exploited in the wild.
The Windows 11 cumulative update KB5058411 (Build 26100.4061) brings critical fixes for elevation-of-privilege and remote code execution flaws impacting core Windows components.
The update was released on May 13, 2025, as part of Microsoft's monthly patch cycle. This month's most severe and urgent fixes include four elevation-of-privilege flaws and one remote code execution vulnerability — all marked as “Exploitation Detected” by Microsoft's threat telemetry. These high-risk bugs are actively exploited by attackers and demand immediate attention.
Zero-day vulnerabilities
Among the zero-day flaws patched in this cycle are:
- CVE-2025-32706 and CVE-2025-32701: Both found in the Windows Common Log File System (CLFS) driver, these vulnerabilities stem from “use after free” issues and allow local privilege escalation. Attackers exploiting these flaws gain SYSTEM-level access, effectively taking full control of the system. CVE-2025-32706 was reported by Benoit Sevens of Google Threat Intelligence and CrowdStrike's Advanced Research Team, while CVE-2025-32701 was attributed to Microsoft's internal Threat Intelligence Center.
- CVE-2025-32709: This vulnerability affects the Ancillary Function Driver for WinSock (AFD.sys) and also involves a use-after-free condition. Successful exploitation enables attackers with limited local privileges to escalate to administrator level. This issue was privately reported by an anonymous researcher.
- CVE-2025-30400: Residing in the Desktop Window Manager (DWM) Core Library, this flaw allows a local attacker to elevate privileges to SYSTEM via a use-after-free scenario.
- CVE-2025-30397: A remote code execution vulnerability in the Microsoft Scripting Engine caused by type confusion. Exploitation requires user interaction — typically via a crafted webpage opened in Internet Explorer mode in Microsoft Edge. Although the complexity is high, attackers successfully leverage it to execute arbitrary code on vulnerable systems.
Check here for the complete list of fixes for this month, encompassing 78 vulnerabilities.
Broader update context
This Patch Tuesday update applies to Windows 11 version 24H2 and is part of a cumulative roll-up that also includes April's KB5055627. Functional issues addressed include a fix for an unexpected microphone mute bug and resolution of a launch failure in the Eye Control application. The update also refreshes several AI components like Image Search, Content Extraction, and Semantic Analysis to version 1.7.824.0.
This month's update suite covers Windows 10, Windows 11 (22H2, 23H2, and 24H2), and numerous Windows Server builds, reinforcing the scale and criticality of Microsoft's Patch Tuesday releases.
The May 2025 updates are available via Windows Update, Microsoft Update, and WSUS (Windows Server Update Services). The security updates can also be manually downloaded from Microsoft's Update Catalog. Users are strongly encouraged to apply these patches as soon as possible to protect their systems from active exploitation.
The simplest way for regular users to apply the update on Windows is through Settings → Windows Update, and clicking ‘Check for Updates.' The process will start automatically, and a system reboot will be required for the application of the patches.
Even though Microsoft states there are no known issues with this update, things may still break and important configurations may be unexpectedly reset. Make sure to take backups of your most critical data before applying the update, and check after the process is completed that critical operations weren't adversely impacted.
Leave a Reply