Microsoft’s Latest Patch Tuesday Update Fixes Five Actively Exploited Zero-Days

Another month, another Patch Tuesday update from Microsoft. The company’s Patch Tuesday for May arrived on the 13th, and it’s a full update: In fact, there are fixes for 72 flaws, including seven zero-day vulnerabilities.

While all security flaws are important to patch, zero-day vulnerabilities are particularly important. A zero-day is a security flaw that is publicly disclosed or actively exploited before the software developer can make a patch. As such, seven of the 72 flaws here were either publicly disclosed or actively exploited before this latest Patch Tuesday. Unfortunately, more of the flaws were exploited than simply disclosed.

Five of the seven were actively exploited. While Microsoft has not shared details regarding the attacks, we do know which zero-days were exploited:

• CVE-2025-30400: Microsoft DWM Core Library Elevation of Privilege Vulnerability
• CVE-2025-32701: Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVE-2025-32706: Windows Common Log File System Driver Elevation of Privilege Vulnerability
• CVE-2025-32709: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
• CVE-2025-30397: Scripting Engine Memory Corruption Vulnerability

The other two zero-days were not actively exploited, at least not to Microsoft’s knowledge as of May 13. They include:

• CVE-2025-26685: Microsoft Defender for Identity Spoofing Vulnerability
• CVE-2025-32702: Visual Studio Remote Code Execution Vulnerability

Make sure to update your Windows PC ASAP in order to protect against all the flaws Microsoft patched. You can update from Start -> Settings -> Windows Update -> Check for Windows updates.