Microsoft Patch Tuesday – May 2025
Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The May 2025 edition of Patch Tuesday brings us 71 new fixes, with 5 rated as critical and 5 exploited. We’ve listed the most important changes below.
Windows Common Log File System Driver Elevation of Privilege Vulnerabilities
CVE-2025-32706, CVE-2025-32701, and CVE-2025-30385 are the three vulnerabilities fixed in today’s Patch Tuesday that relate to the Common Log File System (CLFS) Driver. Two of these have been actively exploited, so getting them fixed ASAP should be a priority, as exploitation could lead to an attacker gaining SYSTEM privileges.
CLFS is a kernel-mode component that provides a general-purpose log file system for Windows components. An attacker can exploit this vulnerability by running a specially crafted application that triggers the flaw.
Scripting Engine Memory Corruption Vulnerability
CVE-2025-30397 is another known exploited vulnerability. This vulnerability has a CVSS base score of 7.5. Microsoft provided the following additional details:
Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
This vulnerability requires a high-complexity attack where an authenticated user must click a specially crafted URL that opens in Edge’s Internet Explorer Mode, enabling a remote, unauthenticated attacker to execute code. Although Internet Explorer is retired on some platforms, the underlying MSHTML and scripting components remain supported and are still used by various applications, so cumulative IE updates are necessary even on older Windows Server versions.
Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-30400 is another exploited vulnerability, with a CVSS base score of 7.8. This use-after-free vulnerability in Windows DWM allows a local, authorized attacker to elevate privileges and gain SYSTEM-level access. Although it was not publicly disclosed, exploitation has been detected in the wild, making it a high-risk threat.
Run the Patch Tuesday May 2025 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit, which checks whether the assets in your network are on the latest patch updates. The report is color-coded so you can see which machines are up to date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses at no additional cost and lets you federate all your installations into a single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday May 2025 CVE Codes & Titles
| CVE Number | CVE Title |
| --- | --- |
| CVE-2025-32709 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2025-32707 | NTFS Elevation of Privilege Vulnerability |
| CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-32705 | Microsoft Outlook Remote Code Execution Vulnerability |
| CVE-2025-32704 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-32703 | Visual Studio Information Disclosure Vulnerability |
| CVE-2025-32702 | Visual Studio Remote Code Execution Vulnerability |
| CVE-2025-32701 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-30400 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2025-30397 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2025-30394 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-30393 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30388 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2025-30387 | Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability |
| CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-30385 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2025-30384 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30383 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30382 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30381 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30379 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30378 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2025-30376 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-30375 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29979 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29978 | Microsoft PowerPoint Remote Code Execution Vulnerability |
| CVE-2025-29977 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2025-29976 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2025-29975 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2025-29974 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability |
| CVE-2025-29971 | Web Threat Defense (WTD.sys) Denial of Service Vulnerability |
| CVE-2025-29970 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2025-29969 | MS-EVEN RPC Remote Code Execution Vulnerability |
| CVE-2025-29968 | Active Directory Certificate Services (AD CS) Denial of Service Vulnerability |
| CVE-2025-29967 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-29961 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29960 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29959 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29958 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29957 | Windows Deployment Services Denial of Service Vulnerability |
| CVE-2025-29956 | Windows SMB Information Disclosure Vulnerability |
| CVE-2025-29955 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2025-29954 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2025-29842 | UrlMon Security Feature Bypass Vulnerability |
| CVE-2025-29841 | Universal Print Management Service Elevation of Privilege Vulnerability |
| CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability |
| CVE-2025-29839 | Windows Multiple UNC Provider Driver Information Disclosure Vulnerability |
| CVE-2025-29838 | Windows ExecutionContext Driver Elevation of Privilege Vulnerability |
| CVE-2025-29837 | Windows Installer Information Disclosure Vulnerability |
| CVE-2025-29836 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29835 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2025-29833 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| CVE-2025-29832 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29831 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2025-29830 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability |
| CVE-2025-29829 | Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability |
| CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability |
| CVE-2025-27488 | Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability |
| CVE-2025-27468 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2025-26685 | Microsoft Defender for Identity Spoofing Vulnerability |
| CVE-2025-26684 | Microsoft Defender Elevation of Privilege Vulnerability |
| CVE-2025-26677 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability |
| CVE-2025-24063 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2025-21264 | Visual Studio Code Security Feature Bypass Vulnerability |