Microsoft Patch Tuesday: May 2025, (Tue, May 13th) SANS Internet Storm Center, InfoCON: green

May 13, 2025

Today, Microsoft released its expected update for the May patch on Tuesday. This update fixes 78 vulnerabilities. 11 are rated as critical, and 66 as important. Five of the vulnerabilities have already been exploited and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today, 8 had patches delivered earlier this month. 

Today, Microsoft released its expected update for the May patch on Tuesday. This update fixes 78 vulnerabilities. 11 are rated as critical, and 66 as important. Five of the vulnerabilities have already been exploited and two were publicly known but not yet exploited. 70 of the vulnerabilities were patched today, 8 had patches delivered earlier this month.

Notable Vulnerabilities:

%%cve:2025-30397%%: This vulnerability is already exploited. It could lead to remote code execution if a user visits a malicious web page, but only if Edge is running in Internet Explorer mode.

The other four already exploited vulnerabilities are all privilege escalation vulnerabilities. The two already known vulnerabilities include a remote code execution vulnerability in Visual Studio and a spoofing vulnerability in Microsoft Defender.

Most of the critical vulnerabilities affect Microsoft Office and the Remote Desktop Client. 

%%cve:2025-29831%% could be interesting: It is only rated “important”, but it is described as a remote code execution issue in Windows Remote Desktop. No authorization is required to exploit the vulnerability. Exploitation relies on a race collation which is often not reliably exploitable (but exploitable). The attack has to be triggered while the server is being restarted. This may be exploitable if a denial of service vulnerability can be used to restart the system.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
%%cve:2025-26646%% No No Important 8.0 7.0
Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
%%cve:2025-29968%% No No Important 6.5 5.7
Azure Automation Elevation of Privilege Vulnerability
%%cve:2025-29827%% No No Critical 9.9 8.9
Azure DevOps Server Elevation of Privilege Vulnerability
%%cve:2025-29813%% No No Critical 10.0 9.0
Azure Storage Resource Provider Spoofing Vulnerability
%%cve:2025-29972%% No No Critical 9.9 8.9
Document Intelligence Studio On-Prem Elevation of Privilege Vulnerability
%%cve:2025-30387%% No No Important 9.8 8.5
Kernel Streaming Service Driver Elevation of Privilege Vulnerability
%%cve:2025-24063%% No No Important 7.8 6.8
MS-EVEN RPC Remote Code Execution Vulnerability
%%cve:2025-29969%% No No Important 7.5 6.5
Microsoft Azure File Sync Elevation of Privilege Vulnerability
%%cve:2025-29973%% No No Important 7.0 6.1
Microsoft Brokering File System Elevation of Privilege Vulnerability
%%cve:2025-29970%% No No Important 7.8 6.8
Microsoft DWM Core Library Elevation of Privilege Vulnerability
%%cve:2025-30400%% No Yes Important 7.8 7.2
Microsoft Dataverse Elevation of Privilege Vulnerability
%%cve:2025-29826%% No No Important 7.3 6.4
Microsoft Dataverse Remote Code Execution Vulnerability
%%cve:2025-47732%% No No Critical 8.7 7.6
Microsoft Defender Elevation of Privilege Vulnerability
%%cve:2025-26684%% No No Important 6.7 5.8
Microsoft Defender for Identity Spoofing Vulnerability
%%cve:2025-26685%% Yes No Important 6.5 5.7
Microsoft Edge (Chromium-based) Spoofing Vulnerability
%%cve:2025-29825%% No No Less Likely Less Likely Low 6.5 5.7
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2025-29977%% No No Important 7.8 6.8
%%cve:2025-29979%% No No Important 7.8 6.8
%%cve:2025-30375%% No No Important 7.8 6.8
%%cve:2025-30376%% No No Important 7.8 6.8
%%cve:2025-30379%% No No Important 7.8 6.8
%%cve:2025-30381%% No No Important 7.8 6.8
%%cve:2025-30383%% No No Important 7.8 6.8
%%cve:2025-30393%% No No Important 7.8 6.8
%%cve:2025-32704%% No No Important 8.4 7.3
Microsoft Office Remote Code Execution Vulnerability
%%cve:2025-30377%% No No Critical 8.4 7.3
%%cve:2025-30386%% No No Critical 8.4 7.3
Microsoft Outlook Remote Code Execution Vulnerability
%%cve:2025-32705%% No No Important 7.8 6.8
Microsoft PC Manager Elevation of Privilege Vulnerability
%%cve:2025-29975%% No No Important 7.8 6.8
Microsoft Power Apps Information Disclosure Vulnerability
%%cve:2025-47733%% No No Critical 9.1 7.9
Microsoft PowerPoint Remote Code Execution Vulnerability
%%cve:2025-29978%% No No Important 7.8 6.8
Microsoft SharePoint Server Elevation of Privilege Vulnerability
%%cve:2025-29976%% No No Important 7.8 6.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
%%cve:2025-30378%% No No Important 7.0 6.1
%%cve:2025-30382%% No No Important 7.8 6.8
%%cve:2025-30384%% No No Important 7.4 6.4
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
%%cve:2025-29833%% No No Critical 7.1 6.2
Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
%%cve:2025-27488%% No No Important 6.7 5.8
Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
%%cve:2025-33072%% No No Critical 8.1 7.1
NTFS Elevation of Privilege Vulnerability
%%cve:2025-32707%% No No Important 7.8 6.8
Remote Desktop Client Remote Code Execution Vulnerability
%%cve:2025-29966%% No No Critical 8.8 7.7
%%cve:2025-29967%% No No Critical 8.8 7.7
Scripting Engine Memory Corruption Vulnerability
%%cve:2025-30397%% No Yes Important 7.5 7.0
Universal Print Management Service Elevation of Privilege Vulnerability
%%cve:2025-29841%% No No Important 7.0 6.1
UrlMon Security Feature Bypass Vulnerability
%%cve:2025-29842%% No No Important 7.5 6.5
Visual Studio Code Security Feature Bypass Vulnerability
%%cve:2025-21264%% No No Important 7.1 6.2
Visual Studio Information Disclosure Vulnerability
%%cve:2025-32703%% No No Important 5.5 4.8
Visual Studio Remote Code Execution Vulnerability
%%cve:2025-32702%% Yes No Important 7.8 6.8
Web Threat Defense (WTD.sys) Denial of Service Vulnerability
%%cve:2025-29971%% No No Important 7.5 6.5
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
%%cve:2025-32709%% No Yes Important 7.8 6.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
%%cve:2025-32701%% No Yes Important 7.8 7.2
%%cve:2025-32706%% No Yes Important 7.8 7.2
%%cve:2025-30385%% No No Important 7.8 6.8
Windows Deployment Services Denial of Service Vulnerability
%%cve:2025-29957%% No No Important 6.2 5.4
Windows ExecutionContext Driver Elevation of Privilege Vulnerability
%%cve:2025-29838%% No No Important 7.4 6.4
Windows Graphics Component Remote Code Execution Vulnerability
%%cve:2025-30388%% No No Important 7.8 6.8
Windows Hyper-V Denial of Service Vulnerability
%%cve:2025-29955%% No No Important 6.2 5.4
Windows Installer Information Disclosure Vulnerability
%%cve:2025-29837%% No No Important 5.5 4.8
Windows Kernel Information Disclosure Vulnerability
%%cve:2025-29974%% No No Important 5.7 5.0
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
%%cve:2025-27468%% No No Important 7.0 6.1
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
%%cve:2025-29954%% No No Important 5.9 5.2
Windows Media Remote Code Execution Vulnerability
%%cve:2025-29964%% No No Important 8.8 7.7
%%cve:2025-29840%% No No Important 8.8 7.7
%%cve:2025-29962%% No No Important 8.8 7.7
%%cve:2025-29963%% No No Important 8.8 7.7
Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
%%cve:2025-29839%% No No Important 4.0 3.5
Windows Remote Access Connection Manager Information Disclosure Vulnerability
%%cve:2025-29835%% No No Important 6.5 5.7
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
%%cve:2025-30394%% No No Important 5.9 5.2
%%cve:2025-26677%% No No Important 7.5 6.5
Windows Remote Desktop Services Remote Code Execution Vulnerability
%%cve:2025-29831%% No No Important 7.5 6.5
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
%%cve:2025-29959%% No No Important 6.5 5.7
%%cve:2025-29960%% No No Important 6.5 5.7
%%cve:2025-29830%% No No Important 6.5 5.7
%%cve:2025-29832%% No No Important 6.5 5.7
%%cve:2025-29836%% No No Important 6.5 5.7
%%cve:2025-29958%% No No Important 6.5 5.7
%%cve:2025-29961%% No No Important 6.5 5.7
Windows SMB Information Disclosure Vulnerability
%%cve:2025-29956%% No No Important 5.4 4.7
Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
%%cve:2025-29829%% No No Important 5.5 4.8

 


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. 

Read More

Share

In The News

Tech Jacks
Derrick Jackson is a IT Security Professional with over 10 years of experience in Cybersecurity, Risk, & Compliance and over 15 Years of Experience in Enterprise Information Technology

Leave A Reply


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.