Microsoft’s May 2025 Patch Tuesday: Addressing 72 Security Flaws
In its most recent monthly update, Microsoft has tackled a total of 72 security vulnerabilities. Among these are five zero-day vulnerabilities that have been actively exploited and two that were publicly disclosed.
According to Bleeping Computer, the updates for May include notable fixes: 17 for elevation of privilege, two for security feature bypass, 28 for remote code execution, 15 for information disclosure, seven for denial of service, and two for spoofing. Crucially, six remote code execution flaws carry a “critical” designation, along with one information disclosure vulnerability.
For users of Windows or Microsoft products, it is vital to ensure that your systems are fully updated.
Comprehensive Overview of May 2025 Updates
While every security update from Microsoft is essential for safeguarding devices and sensitive information, this month’s Patch Tuesday warrants particular attention due to the significant number of zero-day vulnerabilities—issues that have either been exploited in the wild or disclosed publicly prior to an official fix.
Among the five actively exploited zero-days, four are related to elevation of privilege vulnerabilities. Specifically, CVE-2025-32701 and CVE-2025-32706 impact the Windows Common Log File System Driver, CVE-2025-30400 concerns the Microsoft DWM Core Library, and CVE-2025-32709 involves the Windows Ancillary Function Driver for WinSock. Each of these allows malicious actors to gain SYSTEM-level privileges locally.
The fifth zero-day pertains to a remote code execution vulnerability identified as CVE-2025-30397, which affects the Microsoft Scripting Engine. The vulnerability can be exploited if a user, already authenticated, clicks on a deceptive link found in Microsoft Edge or Internet Explorer, enabling attackers to execute malicious code remotely.
The vulnerabilities CVE-2025-30397, CVE-2025-32701, and CVE-2025-30400 were uncovered by the Microsoft Threat Intelligence Center. Meanwhile, CVE-2025-32706 was revealed by the Google Threat Intelligence Group and the CrowdStrike Advanced Research Team, with CVE-2025-32709 being reported by an anonymous researcher. As of now, Microsoft has not provided insight into the methods used to exploit these vulnerabilities.
One of the two publicly disclosed zero-days this month is a spoofing vulnerability found in Microsoft Defender (CVE-2025-26685). This flaw permits unauthenticated users with local area network access to impersonate another account. It was identified by Joshua Murrell of NetSPI. The other, CVE-2025-32702, is a remote code execution vulnerability in Visual Studio, although Microsoft has not released further details on this issue.
Tips for Securing Your PC
To mitigate risks, security updates should be applied promptly when they become available. Windows and Microsoft patches typically download and install automatically; however, it’s advisable to verify that your system is updated by navigating to Start > Settings > Windows Update and clicking on Check for Windows updates.