Security & Threat Updates – May 2025:


Microsoft disclosed a total of 78 vulnerabilities this month affecting its current operating system. The most critical Common Vulnerabilities and Exposures (CVEs) are highlighted below:

Microsoft Vulnerabilities:

Windows Zero-Day:

  • CVE-2025-30400 – Microsoft DWM Core Library Elevation of Privilege Vulnerability
    • Vulnerability not publicly disclosed but actively being exploited in the wild.
  • CVE-2025-30397 – Scripting Engine Memory Corruption Vulnerability
    • Vulnerability not publicly disclosed but actively being exploited in the wild.
  • CVE-2025-32709 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    • Vulnerability not publicly disclosed but actively being exploited in the wild.
  • CVE-2025-32701/32706 – Windows Common Log File System Driver Elevation of Privilege Vulnerability
    • Vulnerability not publicly disclosed but actively being exploited in the wild.
  • CVE-2025-26685 – Microsoft Defender for Identity Spoofing Vulnerability
    • Vulnerability publicly disclosed but no reports of being actively exploited in the wild.
  • CVE-2025-32702 – Visual Studio Remote Code Execution Vulnerability
    • Vulnerability publicly disclosed but no reports of being actively exploited in the wild.

Other Critical CVEs worth mentioning:

  • CVE-2025-29827 – Azure Automation Elevation of Privilege Vulnerability
  • CVE-2025-29813 – Azure DevOps Elevation of Privilege Vulnerability
  • CVE-2025-29972 – Azure Storage Resource Provider Spoofing Vulnerability
  • CVE-2025-47732 – Microsoft Dataverse Remote Code Execution Vulnerability
  • CVE-2025-33072 – Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability
  • CVE-2025-30377/30386 – Microsoft Office Remote Code Execution Vulnerability
  • CVE-2025-47733 – Microsoft Power Apps Information Disclosure Vulnerability
  • CVE-2025-29833 – Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
  • CVE-2025-29966/29967 – Remote Desktop Client Remote Code Execution Vulnerability

Other Important News Related to Windows Patching:

We’ve recently seen reports in the wild that installing the May cumulative update, KB5058379, on Windows 10 version 22H2 and Windows 10 Enterprise LTSC 2021 (21H2) devices can cause the BitLocker recovery screen to display repeatedly at startup.

More information can be found in the article below:

“On affected devices, upon installing the update, Windows might fail to start enough times to trigger an Automatic Repair. On devices with BitLocker enabled, BitLocker requires the input of your BitLocker recovery key to initiate an Automatic Repair.”

Microsoft states that only a small number of reported devices are affected. If you notice any issues within your environment or would like to pause this update, please reach out to the Fortress SRM team at the contact information at the bottom of the post.

3rd Party Critical CVEs worth mentioning:

Adobe Products (not handled by FSRM):

Apple (not handled by FSRM):

Firefox:

Fortinet:

Google Chrome:

  • Versions 136.0.7103.113/.114 were released for Windows & Apple and version 136.0.7103.113 for Linux on April 8th.
  • This update includes 4 Security Fixes.
  • Chrome Release: May 14th 2025

Intel:

SAP (not handled by FSRM):

SonicWall (not handled by FSRM):