Microsoft Fixes Seven Zero-Days in May Patch Tuesday
Microsoft has released security updates to fix seven zero-day vulnerabilities, five of which are under active exploitation.

This month’s Patch Tuesday saw the tech giant release fixes for over 70 vulnerabilities, including five actively exploited zero-days, which are:

  • CVE-2025-32701: An elevation of privilege (EoP) vulnerability in Windows Common Log File System Driver
  • CVE-2025-32709: An EoP bug in Windows Ancillary Function Driver for WinSock
  • CVE-2025-30397: A remote code execution (RCE) vulnerability in Microsoft Scripting Engine
  • CVE-2025-32706: Another EoP flaw in Windows Common Log File System Driver
  • CVE-2025-30400: An EoP bug in Microsoft DWM Core Library

There is no information from Microsoft on exactly how these zero-days are being exploited in the wild.

However, Kev Breen, senior director of threat research at Immersive, warned that patching should be a priority, as the average time from public disclosure of a vulnerability to exploitation at scale is less than five days.

He added that ransomware affiliates in particular would be looking to exploit EoP vulnerabilities.

“Privilege escalation means that an attacker must already have initial access to a compromised host, typically through a phishing attack or by using stolen credentials,” said Breen.

“But if that access already exists, attackers will almost always look to gain higher levels of access, resulting in system level access. With that they can disable security tooling or even gain domain administration level permissions using credential harvesting tools.”


Microsoft also classes publicly disclosed vulnerabilities that have not yet been exploited as “zero days”. This month there were two of these.

CVE-2025-32702 is an RCE bug in Visual Studio, which poses a “significant risk to developer systems” where it could be used to compromise software supply chains, according to Mat Lee, senior security engineer at Automox.

“This vulnerability has the potential of being especially dangerous in engineering environments, where developers often hold broader permissions than standard users,” he explained. “In combination with other known vulnerabilities – such as CVE-2025-2351 … this CVE could be part of a chained exploit, giving attackers fast, privileged access with minimal interaction.”

The second publicly disclosed zero-day is CVE-2025-26685, an identity spoofing vulnerability in Microsoft Defender for Identity.

“Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network,” Microsoft said of the flaw.

In related news, SAP this week released a security update to patch a zero-day vulnerability (CVE-2025-42999) being exploited in attacks on NetWeaver customers. The bug is one of two SAP NetWeaver zero-days under active exploitation – the other being CVE-2025-31324.
