May 2025 Patch Tuesday Updates Fix 5 Zero-Day Vulnerabilities

Microsoft’s May 2025 Patch Tuesday enhances both security and user experience across Windows 10 and 11.

Windows update hero image

Key Takeaways:

  • Microsoft’s May 2025 Patch Tuesday includes 74 security fixes, addressing critical vulnerabilities across Windows, Office, Azure, Microsoft Defender, and more.
  • Microsoft has patched at least five flaws currently being actively exploited.
  • The KB5058411 update for Windows 11 version 24H2 brings AI-powered features like Recall and Click to Do on Copilot+ PCs.

Microsoft has rolled out the May 2025 Patch Tuesday updates, delivering not only the routine security fixes but also several notable quality enhancements for Windows 11 and Windows 10. This month’s release includes an impressive 74 patches addressing vulnerabilities across Windows and its components, Office, Azure, Remote Desktop Gateway Service, Microsoft Defender, and more.

On the quality and experience updates front, Microsoft has rolled out the KB5058411 patch for Windows 11 version 24H2, which brings AI-powered Recall and Click to Do features for Copilot+ PCs. On Windows 11 version 23H2, the KB5058405 update adds new pivot-based curated views in File Explorer Home, improved performance with ZIP files, and enhanced support for text scaling.

74 vulnerabilities fixed in the May 2025 Patch Tuesday updates

This month, Microsoft has patched 12 critical vulnerabilities and the rest are rated Important in severity. The company has warned that five vulnerabilities are under attack right now targeting Windows 10 and 11 PCs as well as Windows Server machines. Let’s take a look at the most important vulnerabilities Microsoft fixed in the May 2025 Patch Tuesday updates.

  • CVE-2025-30397: This is a Scripting Engine memory-corruption vulnerability with a CVSS score of 7.5. This bug could enable unauthorized attackers to execute remote code execution attacks on unpatched systems.
  • CVE-2025-30400: This is an elevation of privilege vulnerability in the Microsoft Desktop Window Manager (DWM) Core Library. This security flaw affects Windows 11, Windows 10, Windows Server 2016, and newer versions of the server OS.
  • CVE-2025-32701 and CVE-2025-32706: These are Windows Common Log File System Driver elevation-of-privilege vulnerabilities with a 7.8 CVSS score. Attackers could exploit these vulnerabilities to locally takeover a device and perform unauthorized actions.
  • CVE-2025-32702: This is a remote-code execution vulnerability that affects Visual Studio 2019 and 2022.
  • CVE-2025-32709: This is a Windows Ancillary Function driver for Winsock elevation-of-privilege vulnerability with a CVSS score of 7.8. It could enable threat actors to trigger the exploit and gain administrator-level privileges on targeted devices.
  • CVE-2025-29972: This is a critical Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Azure, specifically within the Azure Storage Resource Provider.
  • CVE-2025-29827: This flaw allows cybercriminals to launch elevation of privilege attacks against Azure Automation.

You can find below the full list of CVEs included in this month’s Patch Tuesday:

ProductImpactMax SeverityArticleDownloadBuild NumberDetails
Windows Server 2008 for 32-bit Systems Service Pack 2Elevation of PrivilegeImportant5058449Monthly Rollup6.0.6003.23279CVE-2025-24063
Windows Server 2008 for 32-bit Systems Service Pack 2Elevation of PrivilegeImportant5058429Security Only6.0.6003.23279CVE-2025-24063
Windows Server 2016 (Server Core installation)Elevation of PrivilegeImportant5058383Security Update10.0.14393.8066CVE-2025-24063
Windows Server 2016Elevation of PrivilegeImportant5058383Security Update10.0.14393.8066CVE-2025-24063
Windows 10 Version 22H2 for x64-based SystemsRemote Code ExecutionImportant5058379Security Update10.0.19045.5854CVE-2025-30397
Windows 11 Version 22H2 for x64-based SystemsRemote Code ExecutionImportant5058405Security Update10.0.22621.5335CVE-2025-30397
Windows 11 Version 22H2 for ARM64-based SystemsRemote Code ExecutionImportant5058405Security Update10.0.22621.5335CVE-2025-30397
Windows 10 Version 21H2 for x64-based SystemsRemote Code ExecutionImportant5058379Security Update10.0.19044.5854CVE-2025-30397
Windows 10 Version 21H2 for ARM64-based SystemsRemote Code ExecutionImportant5058379Security Update10.0.19044.5854CVE-2025-30397
Windows 10 Version 21H2 for 32-bit SystemsRemote Code ExecutionImportant5058379Security Update10.0.19044.5854CVE-2025-30397
Windows Server 2022 (Server Core installation)Remote Code ExecutionImportant5058385Security Update10.0.20348.3692CVE-2025-30397
Windows Server 2022Remote Code ExecutionImportant5058385Security Update10.0.20348.3692CVE-2025-30397
Windows Server 2022Remote Code ExecutionImportant5058500SecurityHotpatchUpdate10.0.20348.3630CVE-2025-30397
Windows Server 2019 (Server Core installation)Remote Code ExecutionImportant5058392Security Update10.0.17763.7314CVE-2025-30397
Windows Server 2019Remote Code ExecutionImportant5058392Security Update10.0.17763.7314CVE-2025-30397
Windows 10 Version 1607 for x64-based SystemsInformation DisclosureImportant5058383Security Update10.0.14393.8066CVE-2025-29974
Windows 10 Version 1607 for 32-bit SystemsInformation DisclosureImportant5058383Security Update10.0.14393.8066CVE-2025-29974
Windows 10 for x64-based SystemsInformation DisclosureImportant5058387Security Update10.0.10240.21014CVE-2025-29974
Windows 10 for 32-bit SystemsInformation DisclosureImportant5058387Security Update10.0.10240.21014CVE-2025-29974
Windows Server 2025Information DisclosureImportant5058411Security Update10.0.26100.4061CVE-2025-29974
Windows Server 2025Information DisclosureImportant5058497SecurityHotpatchUpdate10.0.26100.3981CVE-2025-29974
Windows 11 Version 24H2 for x64-based SystemsInformation DisclosureImportant5058411Security Update10.0.26100.4061CVE-2025-29974
Windows 11 Version 24H2 for x64-based SystemsInformation DisclosureImportant5058497SecurityHotpatchUpdate10.0.26100.3981CVE-2025-29974
Windows 11 Version 24H2 for ARM64-based SystemsInformation DisclosureImportant5058411Security Update10.0.26100.4061CVE-2025-29974
Windows 11 Version 24H2 for ARM64-based SystemsInformation DisclosureImportant5058497SecurityHotpatchUpdate10.0.26100.3981CVE-2025-29974
Windows Server 2022, 23H2 Edition (Server Core installation)Information DisclosureImportant5058384Security Update10.0.25398.1611CVE-2025-29974
Windows 11 Version 23H2 for x64-based SystemsInformation DisclosureImportant5058405Security Update10.0.22631.5335CVE-2025-29961
Windows 11 Version 23H2 for ARM64-based SystemsInformation DisclosureImportant5058405Security Update10.0.22631.5335CVE-2025-29961
Windows Server 2025 (Server Core installation)Information DisclosureImportant5058411Security Update10.0.26100.4061CVE-2025-29961
Windows Server 2025 (Server Core installation)Information DisclosureImportant5058497SecurityHotpatchUpdate10.0.26100.3981CVE-2025-29961
Windows 10 Version 22H2 for 32-bit SystemsInformation DisclosureImportant5058379Security Update10.0.19045.5854CVE-2025-29961
Windows 10 Version 22H2 for ARM64-based SystemsInformation DisclosureImportant5058379Security Update10.0.19045.5854CVE-2025-29961
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Information DisclosureImportant5058430Monthly Rollup6.1.7601.27729CVE-2025-29956
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Information DisclosureImportant5058454Security Only6.1.7601.27729CVE-2025-29956
Windows Server 2008 R2 for x64-based Systems Service Pack 1Information DisclosureImportant5058430Monthly Rollup6.1.7601.27729CVE-2025-29956
Windows Server 2008 R2 for x64-based Systems Service Pack 1Information DisclosureImportant5058454Security Only6.1.7601.27729CVE-2025-29956
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Information DisclosureImportant5058449Monthly Rollup6.0.6003.23279CVE-2025-29956
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Information DisclosureImportant5058429Security Only6.0.6003.23279CVE-2025-29956
Windows Server 2008 for x64-based Systems Service Pack 2Information DisclosureImportant5058449Monthly Rollup6.0.6003.23279CVE-2025-29956
Windows Server 2008 for x64-based Systems Service Pack 2Information DisclosureImportant5058429Security Only6.0.6003.23279CVE-2025-29956
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Information DisclosureImportant5058449Monthly Rollup6.0.6003.23279CVE-2025-29956
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Information DisclosureImportant5058429Security Only6.0.6003.23279CVE-2025-29956
Microsoft 365 Apps for Enterprise for 32-bit SystemsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30393
Windows Server 2012 R2 (Server Core installation)Elevation of PrivilegeImportant5058403Monthly Rollup6.3.9600.22577CVE-2025-27468
Windows Server 2012 R2Elevation of PrivilegeImportant5058403Monthly Rollup6.3.9600.22577CVE-2025-27468
Windows Server 2012 (Server Core installation)Elevation of PrivilegeImportant5058451Monthly Rollup6.2.9200.25475CVE-2025-27468
Windows Server 2012Elevation of PrivilegeImportant5058451Monthly Rollup6.2.9200.25475CVE-2025-27468
Microsoft Office 2019 for 32-bit editionsRemote Code ExecutionCriticalClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30377
Microsoft Excel 2016 (64-bit edition)Remote Code ExecutionImportant5002717Security Update16.0.5500.1000CVE-2025-30376
Microsoft Excel 2016 (32-bit edition)Remote Code ExecutionImportant5002717Security Update16.0.5500.1000CVE-2025-30376
Microsoft Office LTSC 2024 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30376
Microsoft Office LTSC 2024 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30376
Microsoft Office LTSC 2021 for 32-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30376
Microsoft Office LTSC 2021 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30376
Microsoft 365 Apps for Enterprise for 64-bit SystemsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-30376
Windows 10 Version 1809 for x64-based SystemsRemote Code ExecutionImportant5058392Security Update10.0.17763.7314CVE-2025-29969
Windows 10 Version 1809 for 32-bit SystemsRemote Code ExecutionImportant5058392Security Update10.0.17763.7314CVE-2025-29969
Microsoft Excel 2016 (64-bit edition)Remote Code ExecutionImportant5002695Security Update16.0.5500.1001CVE-2025-32704
Microsoft Excel 2016 (32-bit edition)Remote Code ExecutionImportant5002695Security Update16.0.5500.1001CVE-2025-32704
Microsoft Office 2019 for 64-bit editionsRemote Code ExecutionImportantClick to RunSecurity Updatehttps://aka.ms/OfficeSecurityReleasesCVE-2025-32704
Microsoft Visual Studio 2022 version 17.10Remote Code ExecutionImportantRelease NotesSecurity Update17.10.14CVE-2025-32702
Microsoft Visual Studio 2022 version 17.8Remote Code ExecutionImportantRelease NotesSecurity Update17.8.21CVE-2025-32702
Microsoft Visual Studio 2022 version 17.13Remote Code ExecutionImportantRelease NotesSecurity Update17.13.7CVE-2025-32702
Microsoft Visual Studio 2022 version 17.12Remote Code ExecutionImportantRelease NotesSecurity Update17.12.8CVE-2025-32702
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)Remote Code ExecutionImportantRelease NotesSecurity Update16.11.47CVE-2025-32702
Windows Server 2012 R2 (Server Core installation)Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2012 R2Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2012 (Server Core installation)Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2012Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 R2 for x64-based Systems Service Pack 1Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 for x64-based Systems Service Pack 2Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Windows Server 2008 for 32-bit Systems Service Pack 2Remote Code ExecutionImportant5058380IE Cumulative1.003CVE-2025-30397
Microsoft Office LTSC for Mac 2024Remote Code ExecutionImportantRelease NotesSecurity Update16.97.25042725CVE-2025-30388
Microsoft Office for UniversalRemote Code ExecutionImportantRelease NotesSecurity Update16.0.14326.22502CVE-2025-30388
Microsoft Office for AndroidRemote Code ExecutionImportantRelease NotesSecurity Update16.0.18827.20000CVE-2025-30388
Microsoft Office LTSC for Mac 2021Remote Code ExecutionImportantRelease NotesSecurity Update16.97.25042725CVE-2025-30388
Windows Server 2022 (Server Core installation)Remote Code ExecutionCritical5058500SecurityHotpatchUpdate10.0.20348.3630CVE-2025-29833
Microsoft Defender for IdentitySpoofingImportantCVE-2025-26685
Windows HLK for Windows Server 2019Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.17763.7010CVE-2025-27488
Windows HLK for Windows 10 version 2004Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.19041.5609CVE-2025-27488
Windows 10 HLK version 21H2Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.19041.5609CVE-2025-27488
Windows 10 HLK Version 22H2Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.19041.5609CVE-2025-27488
Windows 10 HLK version 20H2Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.19041.5609CVE-2025-27488
Windows HLK for Windows Server 2022Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.20348.3330CVE-2025-27488
Windows 11 HLK 22H2Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.22621.5040CVE-2025-27488
Windows 10 HLK version 21H1Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.19041.5609CVE-2025-27488
Windows HLK Version 1809Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.17763.7010CVE-2025-27488
Windows 11 HLK 24H2Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.26100.3478CVE-2025-27488
Windows HLK for Windows Server 2025Elevation of PrivilegeImportantRelease NotesSecurity Update10.1.26100.3478CVE-2025-27488
Visual Studio CodeSecurity Feature BypassImportantRelease NotesSecurity Update1.100.1CVE-2025-21264
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)Information DisclosureImportantRelease NotesSecurity Update15.9.73CVE-2025-32703
Microsoft DataverseElevation of PrivilegeImportantRelease NotesSecurity Update3.4.0.1406CVE-2025-29826
Azure AI Document Intelligence StudioElevation of PrivilegeImportantRelease NotesSecurity Update1.0.03019.1-official-7241c17aCVE-2025-30387
Microsoft Office 2016 (64-bit edition)Remote Code ExecutionCritical5002711Security Update16.0.5500.1002CVE-2025-30386
Microsoft Office 2016 (32-bit edition)Remote Code ExecutionCritical5002711Security Update16.0.5500.1002CVE-2025-30386
Microsoft SharePoint Server Subscription EditionRemote Code ExecutionImportant5002709Security Update16.0.18526.20286CVE-2025-30384
Microsoft SharePoint Server 2019Remote Code ExecutionImportant5002708Security Update16.0.10417.20010CVE-2025-30384
Microsoft SharePoint Enterprise Server 2016Remote Code ExecutionImportant5002722Security Update16.0.5500.1001CVE-2025-30384
Office Online ServerRemote Code ExecutionImportant5002707Security Update16.0.10417.20010CVE-2025-30383
Microsoft Excel 2016 (64-bit edition)Remote Code ExecutionImportant5002716Security Update16.0.5500.1000CVE-2025-30379
Microsoft Excel 2016 (32-bit edition)Remote Code ExecutionImportant5002716Security Update16.0.5500.1000CVE-2025-30379
Microsoft Office 2016 (64-bit edition)Remote Code ExecutionImportant5002717Security Update16.0.5500.1000CVE-2025-29979
Microsoft Office 2016 (32-bit edition)Remote Code ExecutionImportant5002717Security Update16.0.5500.1000CVE-2025-29979
Microsoft SharePoint Server 2019Elevation of PrivilegeImportant5002706Security Update16.0.10417.20010CVE-2025-29976
Microsoft SharePoint Enterprise Server 2016Elevation of PrivilegeImportant5002712Security Update16.0.5500.1001CVE-2025-29976
Microsoft PC ManagerElevation of PrivilegeImportantRelease NotesSecurity Update3.16.1.0CVE-2025-29975
Azure File Sync v20.0Elevation of PrivilegeImportantRelease NotesN/A5041884CVE-2025-29973
Azure File Sync v19.0Elevation of PrivilegeImportantRelease NotesN/A26100CVE-2025-29973
Remote Desktop client for Windows DesktopRemote Code ExecutionCriticalRelease NotesSecurity Update1.2.6228.0CVE-2025-29967
Windows App Client for Windows DesktopRemote Code ExecutionCriticalRelease NotesSecurity Update2.0.420CVE-2025-29967
Microsoft Defender for Endpoint for LinuxElevation of PrivilegeImportantRelease NotesSecurity Update101.25XXXCVE-2025-26684
Build Tools for Visual Studio 2022SpoofingImportantRelease NotesSecurity UpdateFixed Version 17.13.7CVE-2025-26646
.NET 9.0 installed on WindowsSpoofingImportant5059201Security Update9.0.5CVE-2025-26646
.NET 9.0 installed on Mac OSSpoofingImportant5059201Security Update9.0.5CVE-2025-26646
.NET 9.0 installed on LinuxSpoofingImportant5059201Security Update9.0.5CVE-2025-26646
.NET 8.0 installed on Mac OSSpoofingImportant5059200Security Update8.0.16CVE-2025-26646
.NET 8.0 installed on LinuxSpoofingImportant5059200Security Update8.0.16CVE-2025-26646
.NET 8.0 installed on WindowsSpoofingImportant5059200Security Update8.0.16CVE-2025-26646

Quality and experiences updates

If you’re running Windows 11 version 24H2, the KB5058411 update enables the AI-powered Windows Recall and Click to Do features on Copilot+ PCs. It also brings the new AI-based search experience on AMD and Intel models. Moreover, this release introduces a new Phone Link sidebar for the Start menu, a new Speech recap feature for Narrator, as well as pivot-based curated views in File Explorer Home, and more. These enhancements are also available for users running Windows 11 version 23H2.

For Windows 10 version 22H2, this update brings a couple of security improvements to internal Windows OS functionality. It also includes new blocklist drivers with security vulnerabilities that have been exploited by attackers in Bring Your Own Vulnerable Driver (BYOVD) attacks.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

Rabia Noureen profile picture
Rabia Noureen News Editor

Follow

Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...

SHARE ARTICLE

Related Articles

See all