Elevation-of-Privilege Vulns Dominate Microsoft Patching

Diverging Reports Breakdown

Microsoft vulnerabilities: What’s improved, what’s at risk

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more complex ecosystems. The number of critical vulnerabilities dropped to 78, down from 84 the year before and less than half the 196 logged in 2020. Critical flaws are among the most likely to be exploited in the wild. Their continued decline points to improvements in Microsoft’s development pipeline and architecture. Still, experts warn against reading too much into early results, even as the pace of growth appears to be stabilizing in the longer term, they say. The first Patch Tuesday of 2025 was the biggest one since 2017, covering 159 vulnerabilities, including 8 zero-day vulnerabilities, one of which let attackers connect to internal cloud resources. The report was released on Tuesday by BeyondTrust, a global security consultancy firm that advises CISOs on how to protect against cyberattacks.

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more complex ecosystems.

But one of the more telling metrics for CISOs is not just how many bugs were found — it’s how dangerous they were. In that regard, the data offers some good news. The number of critical vulnerabilities dropped to 78 in 2024, down from 84 the year before and less than half the 196 logged in 2020. It’s the lowest critical count since the report began.

Key risks

Critical flaws — those enabling code execution without user input — are among the most likely to be exploited in the wild. Their continued decline points to improvements in Microsoft’s development pipeline and architecture.

That said, not all categories followed the same curve. Elevation of Privilege (EoP) vulnerabilities made up 40% of the total. Remote Code Execution (RCE) followed close behind. Both remain top objectives for attackers.

“This year’s data offers a clear reminder that the threat landscape isn’t slowing down—it’s rapidly evolving,” said James Maude, Field CTO at BeyondTrust.

“The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers and why they will continue to target identities with privileges to move laterally and gain access to critical systems. These trends reinforce the need for organizations to focus not just on patching, but on securing the underlying Paths to Privilege across their environments to reduce the attack surface of every identity and point of access,” Maude continued.

These vulnerabilities are a key mechanism attackers rely on as organizations exert more controls around enforcing least privilege in their environments. If you can reduce a threat actor’s access to privilege, you reduce the “blast radius” in the event of exploitation.

As Kip Boyle, CISO at Cyber Risk Opportunities, put it: “Privilege elevation is the golden ticket for ransomware operators. Once attackers gain administrative privileges, they can execute the most devastating part of their playbook.”

Microsoft Edge, which had seen steady improvements, broke that trend. It jumped to 292 vulnerabilities — nine of which were critical, up from just one the previous year. Many of these allowed code to escape the browser sandbox, essentially turning the browser into a gateway for lateral movement. CISA issued a rare advisory warning for multiple Edge flaws in October 2024.

Microsoft Office used to be a major security pain point for organizations. Malicious phishing documents exploited common vulnerabilities, or simply socially-engineered a user into opening a document and allowing macros to run in order to misuse the built-in features for nefarious purposes.

Microsoft Office vulnerabilities rise sharply

Office also saw a 24% jump in total vulnerabilities, reversing last year’s decline. Meanwhile, Azure and Dynamics 365 also saw a 14% increase in total flaws. One standout: an SSRF bug in Microsoft Copilot Studio that let attackers retrieve access tokens and connect to internal cloud resources.

Patching remains essential, but not enough. Several zero-days — including CVE-2024-49138, a CLFS driver flaw exploited for SYSTEM-level access — highlight the need for layered defense.

In 2025, it will be vital for Microsoft to build confidence in the quality and stability of patches and updates. This is necessary to increase the pace at which organizations are comfortable deploying patches.

“If there’s one takeaway for 2025,” said Paula Januszkiewicz, CEO of CQURE, “it’s that proactive threat hunting and least privilege should be front and center.”

Microsoft’s Secure Future Initiative (SFI), launched in late 2023, claims to prioritize security across development. Some SFI milestones include phasing out unused apps and expanding phishing-resistant credentials. Still, experts warn against reading too much into early results.

Although the total number of vulnerabilities has risen, the longer-term trend shows the pace of growth appears to be stabilizing. This, combined with the continued downward trend toward fewer critical vulnerabilities, suggests Microsoft’s security initiatives and improvements in the security architecture of modern operating systems are paying off.

“Vulnerabilities are breadcrumbs,” said Anton Chuvakin, advisor at Google Cloud. “They point to process failures, not just bad code.”

While this report is looking back at 2024, it’s worth noting that the first Patch Tuesday of 2025 was the biggest one since 2017, covering 159 vulnerabilities—including 8 zero-day vulnerabilities.

We need to be prepared not only to patch as quickly as possible, but also to ensure we have the best security posture possible via other mitigations (such as least privilege, zero trust, and just-in-time access to systems) to minimize the blast radius when those zero days come knocking.

Source: Helpnetsecurity.com | View original article

Microsoft Security Flaws Surge to All-Time High with 1,300+ Vulnerabilities in 2024

Microsoft’s vulnerability landscape reached an unprecedented peak in 2024. The 12th edition of the Microsoft Vulnerabilities Report registered a record-high 1,360 vulnerabilities across the Microsoft ecosystem. Elevation of Privilege (EoP) flaws dominated the threat spectrum, accounting for a startling 40% or 554 incidents. Microsoft Edge experienced a dramatic 17% increase, reaching 292 vulnerabilities, including nine deemed critical, an 800% surge in criticality compared to the previous year. Microsoft Office saw vulnerabilities nearly double year-over-year, reporting 62 distinct flaws, illustrating that productivity suites remain a high-value target for cyber adversaries. Despite an increasingly complex landscape, the report reinforced the lasting value of security fundamentals: enforcing least privilege, adopting a zero-trust mindset, prioritizing vulnerability management, and tightly securing remote access avenues.

Microsoft’s vulnerability landscape reached an unprecedented peak in 2024, as revealed by the 12th edition of the Microsoft Vulnerabilities Report.

The comprehensive analysis registered a record-high 1,360 vulnerabilities across the Microsoft ecosystem, marking the most significant uptick since the inception of the annual study.

Insights from the report underscore the complexity and growing urgency faced by organizations aiming to secure Windows environments against both traditional and emerging cyber threats.

Elevation of Privilege Dominates, While Edge and Office See Notable Spikes

Of the total reported vulnerabilities, Elevation of Privilege (EoP) flaws dominated the threat spectrum, accounting for a startling 40% or 554 incidents in 2024.

The report notes that this category’s prevalence highlights attackers’ ongoing focus on exploiting access controls to escalate permissions, emphasizing the criticality of least-privilege strategies and robust segmentation in security postures.

Other prominent Microsoft products were not spared. Microsoft Edge experienced a dramatic 17% increase, reaching 292 vulnerabilities, including nine deemed critical, an 800% surge in criticality compared to the previous year.

Similarly, Microsoft Office saw vulnerabilities nearly double year-over-year, reporting 62 distinct flaws, illustrating that productivity suites remain a high-value target for cyber adversaries.

Windows Server recorded 684 vulnerabilities, including 43 classified as critical, while standard Windows distributions saw 587 vulnerabilities, with 33 ranked as critical.

Notably, platforms such as Azure and Dynamics 365 appeared to reach a temporary plateau after past volatility, suggesting either improved controls or a shifting focus among threat actors.

Expert Perspectives Reveal Need for Multifaceted Defense

Industry leaders contributing to the report stressed that patching, while vital, should not be considered a standalone defense.

Anton Chuvakin, Security Advisor at Google Cloud’s Office of the CISO, warned that an over-reliance on rapid patching would likely fail in isolation; instead, he advocated for a broad approach, incorporating zero trust, micro-segmentation, and ongoing risk assessment, even contemplating scenarios where immediate patching is not viable.

The sentiment was echoed by other security veterans, including Paula Januszkiewicz, CEO of CQURE, who emphasized the ongoing insufficiency of reactive security.

She underscored the demand for continuous threat monitoring, AI-driven analytics, and active red teaming, wrapped into a coordinated, adaptive security strategy.

Despite an increasingly complex landscape, the report reinforced the lasting value of security fundamentals: enforcing least privilege, adopting a zero-trust mindset, prioritizing vulnerability management, and tightly securing remote access avenues.

The findings highlight that while newer technologies such as AI bring both new risks and protection opportunities, basic best practices, when executed systematically, form the bedrock of resilient cyber defense.

With traditional vulnerabilities and modern identity-based risks converging, platforms like BeyondTrust’s Pathfinder are positioned as critical allies for organizations aiming to secure their Microsoft infrastructure.

The report notes BeyondTrust’s leadership in areas such as Privileged Access Management (PAM), Identity Threat Detection and Response (ITDR), and Cloud Infrastructure Entitlement Management (CIEM), underlining the importance of unified, multilayered defenses that address not only technical vulnerabilities but also the expanding attack surface of identity.

As the threat landscape continues to evolve, security experts and the Microsoft Vulnerabilities Report alike recommend that organizations move beyond reactive approaches.

Instead, a proactive, defense-in-depth strategy that blends fundamental principles with the latest in security innovation will prove essential for mitigating risk and safeguarding the modern enterprise.


Source: Cyberpress.org | View original article

Microsoft Patch Tuesday August 2025: 107 Vulnerabilities Patched, Including 35 RCE Flaws

Microsoft has rolled out its August 2025 Patch Tuesday fixes, addressing a total of 107 vulnerabilities across its ecosystem. Of the 107 issues, 13 are rated Critical, the highest severity level, posing severe risks if left unaddressed. Remote code execution (RCE) vulnerabilities make up a notable 35 of the total, affecting products like Microsoft Office, Exchange Server, and Routing and Remote Access Service (RRAS). The bulk of the patches, around 90, are classified as Important, covering a mix of elevation of privilege (EoP), denial of service (DoS), spoofing, and information disclosure issues. None of these vulnerabilities are currently known to be exploited in the wild, but the patches underscore the ongoing battle against evolving cyber threats. The Microsoft security updates span a wide array of Microsoft products, from core Windows components to Office applications, Azure services, and even specialized tools like Exchange Server and SQL Server. Security experts recommend immediate patching, especially for organizations relying on hybrid or cloud environments, as delays could expose systems to potential risks.

Microsoft has rolled out its August 2025 Patch Tuesday fixes, addressing a total of 107 vulnerabilities across its ecosystem.

This month’s release stands out for its sheer volume and the inclusion of 35 remote code execution (RCE) bugs, which could allow attackers to run malicious code on affected systems.

While none of these vulnerabilities are currently known to be exploited in the wild, the patches underscore the ongoing battle against evolving cyber threats.

The Microsoft security updates span a wide array of Microsoft products, from core Windows components to Office applications, Azure services, and even specialized tools like Exchange Server and SQL Server.

Security experts recommend immediate patching, especially for organizations relying on hybrid or cloud environments, as delays could expose systems to potential risks.

Critical Vulnerabilities Patched

Out of the 107 issues, 13 are rated Critical, the highest severity level, posing severe risks if left unaddressed. These primarily involve RCE vulnerabilities that could lead to complete system compromise.

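| Severity / Impact | Remote Code Execution (RCE) | Elevation of Privilege (EoP) | Information Disclosure | Spoofing | Denial of Service (DoS) | Tampering | Total |
|---|---|---|---|---|---|---|---|
| Critical | 9 | 1 | 2 | 1 | 0 | 0 | 13 |
| Important | 26 | 38 | 14 | 7 | 5 | 1 | 91 |
| Moderate | 0 | 1 | 0 | 1 | 0 | 0 | 2 |
| Low | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
| Total | 35 | 40 | 16 | 10 | 5 | 1 | 107 |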

For instance, CVE-2025-50165 affects the Windows Graphics Component, enabling unauthorized code execution over a network via untrusted pointer dereferences. Similarly, CVE-2025-53766 targets GDI+ with a heap-based buffer overflow, allowing remote attacks.

Azure users should note CVE-2025-53781, a critical information disclosure flaw in Azure Virtual Machines that could leak sensitive data to unauthorized actors.

Another notable vulnerability is CVE-2025-48807 in Windows Hyper-V, which permits local code execution through improper endpoint restrictions.

These critical bugs highlight vulnerabilities in virtualization and cloud infrastructure, areas increasingly targeted by sophisticated adversaries.

The bulk of the patches, around 90, are classified as Important, covering a mix of elevation of privilege (EoP), denial of service (DoS), spoofing, and information disclosure issues.

EoP flaws dominate this category, with 35 instances allowing attackers to gain higher system privileges.

Examples include CVE-2025-53778 in Windows NTLM, which exploits improper authentication for network-based privilege escalation, and multiple SQL Server bugs like CVE-2025-49758, stemming from SQL injection weaknesses.

RCE vulnerabilities make up a notable 35 of the total, affecting products like Microsoft Office, Exchange Server, and Routing and Remote Access Service (RRAS).

In Office alone, flaws such as CVE-2025-53731 (use-after-free in Microsoft Office) and CVE-2025-53741 (heap-based buffer overflow in Excel) could enable local code execution if users open malicious files.

Windows RRAS sees several heap-based overflows, like CVE-2025-50160, potentially leading to remote exploits.

Lower-severity issues include two Moderate vulnerabilities, such as CVE-2025-53779 in Windows Kerberos involving relative path traversal for EoP, and one Low spoofing flaw in Microsoft Edge for Android (CVE-2025-49755). While less urgent, these still warrant attention to prevent cumulative risks.

This Patch Tuesday reveals recurring themes: use-after-free errors, heap overflows, and improper input validation appear frequently, particularly in legacy components like Win32k and Ancillary Function Drivers.

Microsoft also addressed a hybrid deployment vulnerability in Exchange Server (CVE-2025-53786), recommending users apply April 2025 hotfixes for enhanced security.

For IT administrators, prioritizing patches for internet-facing systems and critical infrastructure is essential.

Home users should enable automatic updates via Windows Update. Microsoft reports no active exploits as of August 12, 2025, but history shows that publicized vulnerabilities can quickly attract threat actors.

Microsoft Patch Tuesday August 2025 – Vulnerabilities list

| CVE | Vulnerability | Actively Exploited | Type | Severity |
|---|---|---|---|---|
| CVE-2025-53781 | Azure Virtual Machines Information Disclosure Vulnerability | No | Information Disclosure | Critical |
| CVE-2025-50165 | Windows Graphics Component Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-50176 | DirectX Graphics Kernel Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-50177 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53731 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53740 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53766 | GDI+ Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53778 | Windows NTLM Elevation of Privilege Vulnerability | No | Elevation of Privilege | Critical |
| CVE-2025-53784 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-53793 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Critical |
| CVE-2025-48807 | Windows Hyper-V Remote Code Execution Vulnerability | No | Remote Code Execution | Critical |
| CVE-2025-49707 | Azure Virtual Machines Spoofing Vulnerability | No | Spoofing | Critical |
| CVE-2025-53786 | Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49751 | Windows Hyper-V Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | Spoofing | Important |
| CVE-2025-49758 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53727 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53729 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-33051 | Microsoft Exchange Server Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53730 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53741 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53759 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53760 | Microsoft SharePoint Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53761 | Microsoft PowerPoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-24999 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53772 | Web Deploy Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53773 | GitHub Copilot and Visual Studio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-25005 | Microsoft Exchange Server Tampering Vulnerability | No | Tampering | Important |
| CVE-2025-25006 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-25007 | Microsoft Exchange Server Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-49743 | Windows Graphics Component Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49757 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-49759 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49761 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49762 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50153 | Desktop Windows Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50154 | Microsoft Windows File Explorer Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50156 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50158 | Windows NTFS Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50159 | Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50160 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50161 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50162 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50163 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50164 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50166 | Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50167 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50168 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50169 | Windows SMB Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-50170 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-50171 | Remote Desktop Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50172 | DirectX Graphics Kernel Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-50173 | Windows Installer Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53131 | Windows Media Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53132 | Win32k Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53133 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53134 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53135 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53136 | NT OS Kernel Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53137 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53138 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53140 | Windows Kernel Transaction Manager Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53141 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53142 | Microsoft Brokering File System Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53143 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53144 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53145 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53147 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53148 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53149 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53151 | Windows Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53152 | Desktop Windows Manager Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53153 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53154 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53155 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53156 | Windows Storage Port Driver Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53716 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-53718 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53719 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53720 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53721 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53722 | Windows Remote Desktop Services Denial of Service Vulnerability | No | Denial of Service | Important |
| CVE-2025-53723 | Windows Hyper-V Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53724 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53725 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53726 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53728 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-47954 | Microsoft SQL Server Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53732 | Microsoft Office Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53734 | Microsoft Office Visio Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53735 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53736 | Microsoft Word Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53737 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53738 | Microsoft Word Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53739 | Microsoft Excel Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53765 | Azure Stack Hub Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-53769 | Windows Security App Spoofing Vulnerability | No | Spoofing | Important |
| CVE-2025-50157 | Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability | No | Information Disclosure | Important |
| CVE-2025-50155 | Windows Push Notifications Apps Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53783 | Microsoft Teams Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-53788 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-53789 | Windows StateRepository API Server file Elevation of Privilege Vulnerability | No | Elevation of Privilege | Important |
| CVE-2025-49712 | Microsoft SharePoint Remote Code Execution Vulnerability | No | Remote Code Execution | Important |
| CVE-2025-49755 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Low |
| CVE-2025-53779 | Windows Kerberos Elevation of Privilege Vulnerability | No | Elevation of Privilege | Moderate |
| CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | No | Spoofing | Moderate |


Source: Gbhackers.com | View original article

Microsoft primes 71 fixes for May Patch Tuesday

Microsoft on Tuesday released 71 patches affecting 14 product families. Six of the addressed issues, five involving remote code execution and one permitting information disclosure, are considered by Microsoft to be of Critical severity. Five, all Important-severity issues in Windows, are known to be under active exploit in the wild. Nine additional CVEs are more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below. We are as always including at the end of this post appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family. We return to separating Edge / Chromium issues from the pack; those are covered in Appendix D, as are some advisory and information-only but interesting issues affecting Azure, Dataverse, and Power Apps. It should be noted, by the way, that CVE names in May don’t always reflect affected product families closely.

Microsoft on Tuesday released 71 patches affecting 14 product families. Six of the addressed issues, five involving remote code execution and one permitting information disclosure (including PII, Personally Identifiable Information), are considered by Microsoft to be of Critical severity, and 12 have a CVSS base score of 8.0 or higher. Five, all Important-severity issues in Windows, are known to be under active exploit in the wild.

At patch time, nine additional CVEs are more likely to be exploited in the next 30 days by the company’s estimation. Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below.

In addition to these patches, eight Important-severity Adobe Reader issues affecting ColdFusion are covered in the release. Those are listed in Appendix D below. That appendix also contains information on eight Edge-related vulnerabilities and seven affecting Azure, Dataverse, or Power Apps. Though several of the non-Edge issues are exciting, with CVSS Base scores over 9.0 (a “perfect” 10, in one case), Microsoft’s released information indicates that all have been patched in recent days – in other words, the information provided is strictly FYI.

We are as always including at the end of this post appendices listing all Microsoft’s patches sorted by severity, by predicted exploitability timeline and CVSS Base score, and by product family; an appendix covering the advisory-style updates; and a breakout of the patches affecting the various Windows Server platforms still in support.

By the numbers

Total CVEs: 71

Publicly disclosed: 2

Exploit detected: 5

Severity:
  Critical: 6
  Important: 65

Impact:
  Remote Code Execution: 28
  Elevation of Privilege: 17
  Information Disclosure: 15
  Denial of Service: 7
  Security Feature Bypass: 2
  Spoofing: 2

CVSS base score 9.0 or greater: 1*

CVSS base score 8.0 or greater: 11

* A number of advisory-only issues this month, affecting Azure, Dataverse, and Power Apps but patched by Microsoft prior to the May release, have been assigned significant CVSS scores. Please see Appendix D for details.

Figure 1: Remote code execution returns to the top of the charts for May’s Patch Tuesday. Note the unusual Critical-severity information-disclosure issue. This occurs in Nuance PowerScribe 360, a product from the medical sphere – ask your local radiologist for details. (Eight Edge updates covered this month are not released with full impact information and thus do not appear in this chart)

Products

Windows: 43

Office: 14

365: 13

Excel: 7

SharePoint: 4

Visual Studio: 4

RDP Client: 2

.NET: 1

Azure: 1

Dataverse: 1

Defender: 1

Nuance PowerScribe 360: 1

PC Manager: 1

Windows HLK: 1

As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. It should be noted, by the way, that CVE names in May don’t always reflect affected product families closely. In particular, some CVE names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.

Figure 2: Fourteen product families figure in May’s Patch Tuesday release. This month, we return to separating Edge / Chromium issues from the pack; those are covered in Appendix D, as are some advisory and information-only but interesting issues affecting Azure, Dataverse, and Power Apps

Notable May updates

In addition to the issues discussed above, a variety of specific items merit attention.

CVE-2025-30385, CVE-2025-32701, CVE-2025-32706 — Windows Common Log File System Driver Elevation of Privilege Vulnerability

CLFS problems account for two of the five vulnerabilities currently known to be under attack in the wild, and the other one (CVE-2025-30385) is expected to see action within the next 30 days. The logging system has taken a high number of patches in the past few years, including recently seen abuse by both Play and PipeMagic malware of CVE-2025-29824, which was patched last month. Microsoft’s known to be spinning up a new verification step for parsing CLFS log files, but in the meantime, the system’s giving RDP a run for its money as a source of administrator grief.

CVE-2025-30377, CVE-2025-30386 — Microsoft Office Remote Code Execution Vulnerability

Both of these vulnerabilities can be triggered via Preview Pane. If it were a competition, CVE-2025-30386 would have the slight edge, as Microsoft finds that in the worst case, in their words, “an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link.” Both vulnerabilities apply to 365 as well as Office.

CVE-2025-27488 — Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

An Important-class issue, this bug affects the Windows Hardware Lab Kit, which is a framework for testing hardware devices and drivers for certain editions of Windows; multiple versions of the entire kit likewise take an update this month. That’s good, as the problem itself lies in certain third-party infrastructure within the kit using a hard-coded password (!).

CVE-2025-30384 — Microsoft SharePoint Server Remote Code Execution Vulnerability

An Important-severity issue requiring the attacker to prepare the target ahead of time, the finder credited for this item is “zcgonvh’s cat Vanilla.” We admit to some curiosity about how Vanilla caught this bug; did they use… a mouse?

Figure 3: RCE and EoP issues continue to dominate the charts in 2025

Sophos protections

| CVE | Sophos Intercept X/Endpoint IPS | Sophos XGS Firewall |
|---|---|---|
| CVE-2025-24063 | Exp/2524063-A | Exp/2524063-A |
| CVE-2025-29971 | Exp/2529971-A | Exp/2529971-A |
| CVE-2025-30377 | sid:2310992 | sid:2310992 |
| CVE-2025-30386 | sid:2310976 | sid:2310976 |
| CVE-2025-30388 | sid:2310990 | sid:2310990 |
| CVE-2025-30397 | Exp/2530397-A | Exp/2530397-A |
| CVE-2025-30400 | Exp/2530400-A | Exp/2530400-A |
| CVE-2025-32701 | Exp/2532701-A | Exp/2532701-A |
| CVE-2025-32706 | Exp/2532706-A | Exp/2532706-A |
| CVE-2025-32709 | Exp/2532709-A | Exp/2532709-A |

As you can every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows 10 or 11 you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

Appendix A: Vulnerability Impact and Severity

This is a list of May patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE.

Remote Code Execution (28 CVEs)

Critical severity
CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability

Important severity
CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-29840 Windows Media Remote Code Execution Vulnerability
CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
CVE-2025-29963 Windows Media Remote Code Execution Vulnerability
CVE-2025-29964 Windows Media Remote Code Execution Vulnerability
CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability
CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability
CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

Elevation of Privilege (17 CVEs)

Important severity
CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2025-26684 Microsoft Defender Elevation of Privilege Vulnerability
CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability
CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability
CVE-2025-29838 Windows Execution Context Driver Elevation of Privilege Vulnerability
CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30387 Document Intelligence Studio On-Prem Information Disclosure Vulnerability
CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32707 NTFS Elevation of Privilege Vulnerability
CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Information Disclosure (15 CVEs)

Critical severity
CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

Important severity
CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29837 Windows Installer Information Disclosure Vulnerability
CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
CVE-2025-29956 Windows SMB Information Disclosure Vulnerability
CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability
CVE-2025-32703 Visual Studio Information Disclosure Vulnerability

Denial of Service (7 CVEs)

Important severity
CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability
CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability
CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Security Feature Bypass (2 CVEs)

Important severity
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability

Spoofing (2 CVEs)

Important severity
CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability

Appendix B: Exploitability and CVSS

This is a list of the May CVEs judged by Microsoft to be either under exploitation in the wild or more likely to be exploited in the wild within the first 30 days post-release. The list is further arranged by CVE. Interestingly, 28 of this month’s vulnerabilities have been marked in Microsoft’s release materials as “exploitation unlikely” – a category far less commonly assigned by the company in the past.

Exploitation detected
CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploitation more likely within the next 30 days
CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

This is a list of May’s CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema. For a look at the CVSS scores for certain products covered in this month’s advisories, please see Appendix D.

| CVSS Base | CVSS Temporal | CVE | Title |
|---|---|---|---|
| 9.8 | 8.5 | CVE-2025-30387 | Document Intelligence Studio On-Prem Information Disclosure Vulnerability |
| 8.8 | 7.7 | CVE-2025-29840 | Windows Media Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-29962 | Windows Media Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-29963 | Windows Media Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-29964 | Windows Media Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-29966 | Remote Desktop Client Remote Code Execution Vulnerability |
| 8.8 | 7.7 | CVE-2025-29967 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| 8.4 | 7.3 | CVE-2025-30377 | Microsoft Office Remote Code Execution Vulnerability |
| 8.4 | 7.3 | CVE-2025-30386 | Microsoft Office Remote Code Execution Vulnerability |
| 8.4 | 7.3 | CVE-2025-32704 | Microsoft Excel Remote Code Execution Vulnerability |
| 8.1 | 7.1 | CVE-2025-30398 | Nuance PowerScribe 360 Information Disclosure Vulnerability |
| 8.0 | 7.0 | CVE-2025-26646 | .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability |
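A patch-triage cross-reference of Appendix B against the Sophos protections table, added here as an example and not part of the Sophos article. The CVE data is copied from this page; the ranking policy (exploited first, then CVEs with no listed detection signature, then higher CVSS Base) and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

CVE_RE = r"CVE-\d{4}-\d{4,7}"

# Copied from this page's Appendix B, in the flattened form the page uses.
EXPLOITED = (
    "CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability "
    "CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability "
    "CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability "
    "CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability "
    "CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability"
)
LIKELY = (
    "CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability "
    "CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability "
    "CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability "
    "CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability "
    "CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability "
    "CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability "
    "CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability "
    "CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability "
    "CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability"
)
# Copied from the "Sophos protections" table: CVE, endpoint signature, firewall signature.
SOPHOS = (
    "CVE-2025-24063 Exp/2524063-A Exp/2524063-A CVE-2025-29971 Exp/2529971-A Exp/2529971-A "
    "CVE-2025-30377 sid:2310992 sid:2310992 CVE-2025-30386 sid:2310976 sid:2310976 "
    "CVE-2025-30388 sid:2310990 sid:2310990 CVE-2025-30397 Exp/2530397-A Exp/2530397-A "
    "CVE-2025-30400 Exp/2530400-A Exp/2530400-A CVE-2025-32701 Exp/2532701-A Exp/2532701-A "
    "CVE-2025-32706 Exp/2532706-A Exp/2532706-A CVE-2025-32709 Exp/2532709-A Exp/2532709-A"
)
# CVSS Base, CVSS Temporal, CVE from the Appendix B score table (titles omitted here).
CVSS = (
    "9.8 8.5 CVE-2025-30387 8.8 7.7 CVE-2025-29840 8.8 7.7 CVE-2025-29962 "
    "8.8 7.7 CVE-2025-29963 8.8 7.7 CVE-2025-29964 8.8 7.7 CVE-2025-29966 "
    "8.8 7.7 CVE-2025-29967 8.4 7.3 CVE-2025-30377 8.4 7.3 CVE-2025-30386 "
    "8.4 7.3 CVE-2025-32704 8.1 7.1 CVE-2025-30398 8.0 7.0 CVE-2025-26646"
)


@dataclass
class Finding:
    cve: str
    title: str
    status: str                 # "exploited" or "likely"
    tier: int                   # 0 = exploited in the wild, 1 = more likely within 30 days
    cvss_base: Optional[float]  # None: not in the page's 8.0-or-higher table
    detection: Optional[str]    # None: no signature listed in the page's table


def split_run(text):
    """Split 'CVE-id free text CVE-id free text ...' into {cve: free text}."""
    pattern = rf"({CVE_RE})\s+(.*?)(?=\s+{CVE_RE}\b|\s*$)"
    return {cve: body.strip() for cve, body in re.findall(pattern, text, re.S)}


def triage():
    """Return Appendix B CVEs ordered by the (assumed) patching priority."""
    cvss = {cve: float(base)
            for base, _temporal, cve in re.findall(rf"(\d+\.\d)\s+(\d+\.\d)\s+({CVE_RE})", CVSS)}
    # Both product columns carry the same signature on this page; keep the first.
    detect = {cve: sigs.split()[0] for cve, sigs in split_run(SOPHOS).items()}
    findings = []
    for tier, status, run in ((0, "exploited", EXPLOITED), (1, "likely", LIKELY)):
        for cve, title in split_run(run).items():
            findings.append(Finding(cve, title, status, tier, cvss.get(cve), detect.get(cve)))
    # Undetected CVEs sort ahead of detected ones: patching is their only listed control.
    findings.sort(key=lambda f: (f.tier, f.detection is not None, -(f.cvss_base or 0.0), f.cve))
    return findings


if __name__ == "__main__":
    for f in triage():
        score = f"{f.cvss_base:.1f}" if f.cvss_base else "n/l"
        print(f"{f.status:9} {f.cve} cvss={score:4} detect={f.detection or 'none listed'}  {f.title}")
```

A missing signature here means only that the page's table lists none for that CVE.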

Appendix C: Products Affected

This is a list of May’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. Certain significant issues for which advisories have been issued are covered in Appendix D, and issues affecting Windows Server are further sorted in Appendix E. All CVE titles are accurate as made available by Microsoft; for further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

Windows (43 CVEs)

Critical severity
CVE-2025-29833 Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability

Important severity
CVE-2025-24063 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-27468 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2025-29829 Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
CVE-2025-29830 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-29832 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29835 Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2025-29836 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29837 Windows Installer Information Disclosure Vulnerability
CVE-2025-29838 Windows ExecutionContext Driver Elevation of Privilege Vulnerability
CVE-2025-29839 Windows Multiple UNC Provider Driver Information Disclosure Vulnerability
CVE-2025-29840 Windows Media Remote Code Execution Vulnerability
CVE-2025-29841 Universal Print Management Service Elevation of Privilege Vulnerability
CVE-2025-29842 UrlMon Security Feature Bypass Vulnerability
CVE-2025-29954 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2025-29955 Windows Hyper-V Denial of Service Vulnerability
CVE-2025-29956 Windows SMB Information Disclosure Vulnerability
CVE-2025-29957 Windows Deployment Services Denial of Service Vulnerability
CVE-2025-29958 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29959 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29960 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29961 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-29962 Windows Media Remote Code Execution Vulnerability
CVE-2025-29963 Windows Media Remote Code Execution Vulnerability
CVE-2025-29964 Windows Media Remote Code Execution Vulnerability
CVE-2025-29968 Active Directory Certificate Services (AD CS) Denial of Service Vulnerability
CVE-2025-29969 MS-EVEN RPC Remote Code Execution Vulnerability
CVE-2025-29970 Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2025-29971 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
CVE-2025-29974 Windows Kernel Information Disclosure Vulnerability
CVE-2025-30385 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
CVE-2025-30397 Scripting Engine Memory Corruption Vulnerability
CVE-2025-30400 Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2025-32701 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32706 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32707 NTFS Elevation of Privilege Vulnerability
CVE-2025-32709 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Office (14 CVEs)

Critical severity
CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability

Important severity
CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30388 Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

365 (13 CVEs)

Critical severity
CVE-2025-30377 Microsoft Office Remote Code Execution Vulnerability
CVE-2025-30386 Microsoft Office Remote Code Execution Vulnerability

Important severity
CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-29978 Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-29979 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30393 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32705 Microsoft Outlook Remote Code Execution Vulnerability

Excel (7 CVEs)

Important severity
CVE-2025-29977 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30375 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30376 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30379 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30381 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-30383 Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-32704 Microsoft Excel Remote Code Execution Vulnerability

SharePoint (4 CVEs)

Important severity
CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability

Visual Studio (4 CVEs)

Important severity
CVE-2025-21264 Visual Studio Code Security Feature Bypass Vulnerability
CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
CVE-2025-32702 Visual Studio Remote Code Execution Vulnerability
CVE-2025-32703 Visual Studio Information Disclosure Vulnerability

RDP Client (2 CVEs)

Critical severity
CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967 Windows Remote Desktop Services Remote Code Execution Vulnerability

.NET (1 CVE)

Important severity
CVE-2025-26646 .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Azure (1 CVE)

Important severity
CVE-2025-30387 Document Intelligence Studio On-Prem Information Disclosure Vulnerability

Dataverse (1 CVE)

Important severity
CVE-2025-29826 Microsoft Dataverse Elevation of Privilege Vulnerability

Defender (1 CVE)

Important severity
CVE-2025-26685 Microsoft Defender for Identity Spoofing Vulnerability

Nuance PowerScribe 360 (1 CVE)

Critical severity
CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability

PC Manager (1 CVE)

Important severity
CVE-2025-29975 Microsoft PC Manager Elevation of Privilege Vulnerability

Windows HLK (1 CVE)

Important severity
CVE-2025-27488 Microsoft Windows Hardware Lab Kit (HLK) Elevation of Privilege Vulnerability

Appendix D: Advisories and Other Products

There are 8 Adobe advisories in this month’s release.

CVE-2025-43559 APSB25-52 Improper Input Validation (CWE-20)
CVE-2025-43560 APSB25-52 Improper Input Validation (CWE-20)
CVE-2025-43561 APSB25-52 Improper Access Control (CWE-284)
CVE-2025-43562 APSB25-52 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78)
CVE-2025-43563 APSB25-52 Improper Access Control (CWE-284)
CVE-2025-43564 APSB25-52 Incorrect Authorization (CWE-863)
CVE-2025-43565 APSB25-52 Improper Access Control (CWE-284)
CVE-2025-43566 APSB25-52 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)

There are, this month, an additional load of Microsoft advisories and informational releases that deserve attention. Most of them are Edge-related, and we present those in the usual fashion. However, seven additional CVEs involve Azure, Dataverse, or Power Apps. All of them have already been addressed by Microsoft and thus should pose no action item for administrators, but are significant enough that we choose to flag them here with their severities and CVSS scores. May’s release also includes servicing stack updates.

ADV990001 Latest Servicing Stack Updates
CVE-2025-4050 Chromium: CVE-2025-4050 Out of bounds memory access in DevTools
CVE-2025-4051 Chromium: CVE-2025-4051 Insufficient data validation in DevTools
CVE-2025-4052 Chromium: CVE-2025-4052 Inappropriate implementation in DevTools
CVE-2025-4096 Chromium: CVE-2025-4096 Heap buffer overflow in HTML
CVE-2025-4372 Chromium: CVE-2025-4372 Use after free in WebAudio
CVE-2025-21353 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2025-21388 Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2025-29825 Microsoft Edge (Chromium-based) Spoofing Vulnerability

| CVE | Title | Impact | Severity | CVSS Base | CVSS Temporal |
|---|---|---|---|---|---|
| CVE-2025-29813 | Azure DevOps Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | 10.0 | 9.0 |
| CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability | Elevation of Privilege | Critical | 9.9 | 8.9 |
| CVE-2025-29972 | Azure Storage Resource Provider Spoofing Vulnerability | Spoofing | Critical | 9.9 | 8.9 |
| CVE-2025-29973 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Elevation of Privilege | Important | 7.0 | 6.1 |
| CVE-2025-33072 | Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability | Information Disclosure | Critical | 8.1 | 7.1 |
| CVE-2025-47732 | Microsoft Dataverse Remote Code Execution Vulnerability | Remote Code Execution | Critical | 8.7 | 7.6 |
| CVE-2025-47733 | Microsoft Power Apps Information Disclosure Vulnerability | Information Disclosure | Critical | 9.1 | 7.9 |

Appendix E: Affected Windows Server versions

This is a table of the CVEs in the May release affecting nine Windows Server versions, 2008 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (e.g., Server Core). Critical-severity issues are marked in red; an “x” indicates that the CVE does not apply to that version. Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft. Please note that CVE-2025-29971 is a client-only Windows issue and thus appears in this chart, but with no server versions marked.

Source: News.sophos.com | View original article

Microsoft vulnerabilities hit a record high in 2024

The latest annual Microsoft Vulnerabilities Report from BeyondTrust reveals a record-breaking number of reported vulnerabilities last year. Total vulnerabilities reached an all-time high of 1,360 in 2024, an 11 percent increase from the previous record of 1,292 in 2022. Elevation of Privilege (EoP) vulnerabilities comprised 40 percent of all those reported. Security Feature Bypass vulnerabilities surged by 60 percent, increasing from 56 in 2023 to 90 in 2024.

The latest annual Microsoft Vulnerabilities Report from BeyondTrust reveals a record-breaking number of reported vulnerabilities last year.

Total vulnerabilities reached an all-time high of 1,360 in 2024, an 11 percent increase from the previous record of 1,292 in 2022. Elevation of Privilege (EoP) vulnerabilities comprised 40 percent of all those reported.

Security Feature Bypass vulnerabilities surged by 60 percent, increasing from 56 in 2023 to 90 in 2024, increasing the pressure to reduce software vulnerabilities at the design stage through secure coding and threat modeling.

Microsoft Edge vulnerabilities increased by 17 percent to 292 total vulnerabilities, including nine critical vulnerabilities in 2024, compared to zero in 2022.

On a more positive note, critical vulnerabilities across the Microsoft ecosystem have continued to decline overall in 2024, while Microsoft Azure and Dynamics 365 vulnerabilities plateaued. This, along with a slower pace of growth in vulnerabilities, suggests Microsoft’s security initiatives and improvements in the security architecture of modern operating systems are paying off.

“This year’s data offers a clear reminder that the threat landscape isn’t slowing down — it’s rapidly evolving,” says James Maude, field chief technology officer at BeyondTrust. “The sustained dominance of Elevation of Privilege vulnerabilities highlights how valuable privileges are to attackers and why they will continue to target identities with privileges to move laterally and gain access to critical systems. These trends reinforce the need for organizations to focus not just on patching, but on securing the underlying Paths to Privilege across their environments to reduce the attack surface of every identity and point of access.”

The report notes that unpatched systems remain an easy target, opening the door for widespread exploitation, while Microsoft’s expanding tech stack, including cloud and AI services, will continue to introduce new attack surfaces.

It also points out that novel vulnerabilities will emerge as attackers find new and creative ways to bypass defenses. Patches alone are insufficient to tackle the issue — they can fail or introduce stability risks, underscoring the need for layered defenses. Threat actors are shifting tactics too, increasingly targeting identities and privileges over traditional exploits.

You can get the full report from the BeyondTrust site.


Source: Betanews.com | View original article

Source: https://www.darkreading.com/application-security/elevation-privilege-vulns-dominate-microsoft-patches
