Security News > 2025 > May > Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
2025-05-13 19:53
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory corruption vulnerability in the Windows scripting engine (CVE-2025-30397) that is being exploited to remotely execute malicious code. “The user would have to click on a specially crafted URL to be compromised by the attacker,” … More → The post Patch Tuesday: Microsoft fixes 5 actively exploited zero-days appeared first on Help Net Security.
News URL
Related news
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Microsoft's May Patch Tuesday update fails on some Windows 11 VMs (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- May 2025 Patch Tuesday forecast: Panic, change, and hope (source)
- Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Go ahead and ignore Patch Tuesday – it might improve your security (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-30397 | Unspecified vulnerability in Microsoft products Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | 0.0 |