On May 13, Microsoft released security updates for Windows clients and servers, for Office, and for other products. The security updates eliminate 71 vulnerabilities (CVEs), seven of which were classified as 0-day. Five vulnerabilities have already been exploited in attacks. Below is a compact overview of the updates that were released on Patchday.
Notes on the updates
A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates of the server counterparts) are cumulative. The monthly patchday update contains all security fixes for these Windows versions, as well as all non-security fixes up to the patchday. In addition to the security patches for the vulnerabilities, the updates also contain bug fixes or new features.
Windows Server 2012 R2
An ESU license is required for Windows Server 2012/R2 to receive further security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the critical vulnerabilities that have been fixed:
- CVE-2025-30385, CVE-2025-32701 and CVE-2025-32706: Windows Common Log File System Driver Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; an attacker can elevate privileges locally and crash the system. Both CVE-2025-32701 and CVE-2025-32706 have been exploited as zero-days in the wild, while CVE-2025-30385 is rated as "Exploitation More Likely" according to Microsoft's Exploitability Index.
- CVE-2025-30400: Microsoft DWM Core Library Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; successful exploitation would allow an attacker to escalate privileges by exploiting a use-after-free vulnerability. Microsoft points out that this is a zero-day vulnerability.
- CVE-2025-30397: Scripting Engine Memory Corruption vulnerability, CVSSv3 score 7.5, important; this is a memory corruption vulnerability in the Microsoft Scripting Engine that can be exploited to execute arbitrary code on a target machine. The complexity of the attack is rated as high, and Microsoft points out that the target must first run Microsoft Edge in Internet Explorer mode. To successfully exploit the vulnerability, the user must click on a spoofed URL. This vulnerability has reportedly been exploited in the wild as a zero-day.
- CVE-2025-26685: Microsoft Defender for Identity Spoofing vulnerability, CVSSv3 score 6.5, important; this vulnerability allows an unauthenticated attacker with access to a local area network (LAN) to perform a spoofing attack. According to Microsoft, this vulnerability became known before patches were made available.
- CVE-2025-32709: Windows Ancillary Function Driver for WinSock Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; an authenticated attacker can exploit a use-after-free condition to elevate their privileges to administrator. The vulnerability was exploited as a 0-day in the wild.
- CVE-2025-32702: Visual Studio Remote Code Execution vulnerability, CVSSv3 score 7.8, important; an unauthenticated local attacker can exploit this vulnerability to execute code.
A list of all CVEs discovered can be found on this Microsoft page; excerpts are available at Tenable.
Similar articles:
Microsoft Security Update Summary (May 13, 2025)
Patchday: Windows 10/11 Updates (May 13, 2025)
Patchday: Windows Server-Updates (May 13, 2025)
Patchday: Microsoft Office Updates (May 13, 2025)