Security News > 2025 > May > Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
2025-05-13 19:53
On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory corruption vulnerability in the Windows scripting engine (CVE-2025-30397) that is being exploited to remotely execute malicious code. “The user would have to click on a specially crafted URL to be compromised by the attacker,” … More → The post Patch Tuesday: Microsoft fixes 5 actively exploited zero-days appeared first on Help Net Security.
News URL
Related news
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- April's Patch Tuesday leaves unlucky Windows Hello users unable to login (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-13 | CVE-2025-30397 | Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. | 7.5 |