Microsoft Addresses 78 Vulnerabilities, Including 5 Exploited Zero-Day Threats; Critical CVSS 10 Vulnerability Affects Azure DevOps Server

Microsoft has released updates to address 78 security vulnerabilities across its software ecosystem, including five critical zero-day vulnerabilities currently under active exploitation.

Among the resolved vulnerabilities, 11 have been classified as Critical, 66 as Important, and one as Low. Notably, 28 of these flaws allow remote code execution, while others include 21 privilege escalation bugs and 16 information disclosure vulnerabilities.

These updates build on eight security defects previously addressed in the Chromium-based Edge browser following the April Patch Tuesday update.

The specific vulnerabilities that have been identified as actively exploited are as follows:

– CVE-2025-30397 (CVSS score: 7.5) – Memory corruption vulnerability in the Scripting Engine.
– CVE-2025-30400 (CVSS score: 7.8) – Elevation of privilege vulnerability in the Microsoft Desktop Window Manager (DWM) Core Library.
– CVE-2025-32701 (CVSS score: 7.8) – Elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver.
– CVE-2025-32706 (CVSS score: 7.8) – Another elevation of privilege vulnerability in the CLFS Driver.
– CVE-2025-32709 (CVSS score: 7.8) – Elevation of privilege vulnerability in the Windows Ancillary Function Driver for WinSock.

The first three vulnerabilities listed were discovered by Microsoft’s own threat intelligence team, while the remaining were reported by external researchers from Google Threat Intelligence Group, CrowdStrike, and an anonymous contributor.

CVE-2025-30397 allows attackers to exploit the Scripting Engine via a malicious web page or script that misinterprets object types, leading to memory corruption and arbitrary code execution. If the impacted user has administrative privileges, the attacker could achieve full system control, resulting in potential data theft and malware deployment.

CVE-2025-30400 is the third DWM Core Library privilege escalation flaw weaponized since 2023. Previously, Microsoft patched CVE-2024-30051, which Kaspersky reported was utilized in QakBot malware distribution attacks. Since 2022, Microsoft has addressed a total of 26 elevation-of-privilege vulnerabilities related to DWM.

CVE-2025-32701 and CVE-2025-32706 are the seventh and eighth privilege escalation vulnerabilities identified in the CLFS component and have also been leveraged in real-world attacks since 2022. Recent reports indicated exploitation of CVE-2025-29824 against targeted entities in the U.S. and abroad.

CVE-2025-32709 represents the third Privilege Escalation flaw affecting the Ancillary Function Driver for WinSock in less than a year, with previous exploits attributed to the Lazarus Group linked to North Korean cyber operations.

As a response to the situation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all five vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to implement the necessary fixes by June 3, 2025.

Additional noteworthy vulnerabilities patched include CVE-2025-26684, a privilege escalation issue in Microsoft Defender for Endpoint for Linux, and CVE-2025-26685, a spoofing vulnerability in Microsoft Defender for Identity that can be exploited by attackers with local area network access.

Finally, Microsoft reported a critical privilege escalation flaw (CVE-2025-29813) in Azure DevOps Server, with a CVSS score of 10.0, which can be exploited by unauthorized attackers. Microsoft confirmed that this flaw has already been remediated in the cloud, requiring no further action from customers.

In addition to Microsoft’s patch releases, various other vendors have also issued security updates addressing multiple vulnerabilities, reinforcing the need for robust and proactive cybersecurity measures across all software platforms.