Webinar Library
Welcome to my May Patch Tuesday newsletter. Today Microsoft released 71 updates and an additional 22 in the past month for a total of 93 updates. We have 7 zero-days to look at:
As you can see in the chart below, the five that are currently exploited affect various OS's. The two publicly known vulnerability updates affect two other platforms; CVE-2025-32702 affects Visual Studio 2022 and 2019 and CVE-2025-26685 affects MS Defender for Identity. Although we have these seven, the good news is MS gives all of them a severity rating of "Important". Despite this, you will want to make sure these get updated as soon as possible. In addition to these we have 17 others that are rated critical. Of these, 5 have a CVSS of 9.0 or greater. They are:
So we do have a good bit of updating that needs to be done. So download, update and reboot those systems. See you next month! I'd also like to give some attention to one of my webinars. Last month my software company, LOGbinder, had a major release update to our Supercharger for Windows Event Collection application. The feedback I received for this webinar was phenomenal. If you'd like to see or listen to the recording you can see it here. Happy patching!
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited / Publicly Disclosed
Vulnerability Info
Windows
Windows 10, 11 including HLK
Server 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Remote Desktop Client Windows App Client
Critical
CVE-2025-24063 CVE-2025-26677 CVE-2025-27468 CVE-2025-27488 CVE-2025-29829 CVE-2025-29830 CVE-2025-29831 CVE-2025-29832 CVE-2025-29833 CVE-2025-29835 CVE-2025-29836 CVE-2025-29837 CVE-2025-29838 CVE-2025-29839 CVE-2025-29840 CVE-2025-29841 CVE-2025-29842 CVE-2025-29954 CVE-2025-29955 CVE-2025-29956 CVE-2025-29957 CVE-2025-29958 CVE-2025-29959 CVE-2025-29960 CVE-2025-29961 CVE-2025-29962 CVE-2025-29963 CVE-2025-29964 CVE-2025-29966 CVE-2025-29967 CVE-2025-29968 CVE-2025-29969 CVE-2025-29970 CVE-2025-29971 CVE-2025-29974 CVE-2025-30385 CVE-2025-30388 CVE-2025-30394 CVE-2025-30397* CVE-2025-30400* CVE-2025-32701* CVE-2025-32706* CVE-2025-32707 CVE-2025-32709*
Denial of Service
Elevation of Privilege Information Disclosure
Remote Code Execution Security Feature Bypass
Edge
Chromium-based
Important
CVE-2025-29825 CVE-2025-29834 CVE-2025-3619 CVE-2025-3620 CVE-2025-4050 CVE-2025-4051 CVE-2025-4052 CVE-2025-4096 CVE-2025-4372
Workaround: No Exploited: No Public: No
Office
365 Apps for Enterprise Excel 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Office for Android/Universal Online Server
CVE-2025-29977 CVE-2025-29978 CVE-2025-29979 CVE-2025-30375 CVE-2025-30376 CVE-2025-30377 CVE-2025-30379 CVE-2025-30381 CVE-2025-30383 CVE-2025-30386 CVE-2025-30388 CVE-2025-30393 CVE-2025-32704 CVE-2025-32705
Remote Code Execution
SharePoint
Enterprise Server 2016 Server 2019 Server Subscription Edition
CVE-2025-29976 CVE-2025-30378 CVE-2025-30382 CVE-2025-30384
Elevation of Privilege Remote Code Execution
Azure
AI Bot Service AI Document Intelligence Studio Automation File Sync v19/20 Functions Machine Learning Storage Resource Provider (SRP) Virtual Desktop msagsfeedback.azure websites.net Power Apps HLK for Server 2022
CVE-2025-21416 CVE-2025-27488 CVE-2025-29827 CVE-2025-29972 CVE-2025-29973 CVE-2025-30387 CVE-2025-30389 CVE-2025-30390 CVE-2025-30392 CVE-2025-33072 CVE-2025-33074 CVE-2025-47733
Developer Tools
.NET 8.0 & 9.0 on Linux/MacOS/Windows Azure DevOps Build Tools for VS 2022 Visual Studio 2017 15.9-15.0 Visual Studio 2019 16.11-16.0 Visual Studio 2022 17.8, 17.10, 17.12, 17.13 Visual Studio Code
CVE-2025-21264 CVE-2025-26646 CVE-2025-29813 CVE-2025-32702* CVE-2025-32703
Workaround: No Exploited: No Public: Yes*
Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Apps
Microsoft PC Manager
CVE-2025-29975
Elevation of Privilege
Dynamics
365 Customer Service Microsoft Dataverse Power Automate for Desktop
CVE-2025-29817 CVE-2025-29826 CVE-2025-30391 CVE-2025-47732
System Center
Defender for Endpoint for Linux Defender for Identity
CVE-2025-26684 CVE-2025-26685*
Workaround: No Exploited: No Public: Yes