Microsoft released security updates on Tuesday (May 14) addressing 78 vulnerabilities across its software lineup, with 11 rated critical, 66 rated important, and one rated low severity. Among them, five zero-day flaws stand out, as they were being actively exploited in the wild. The patched vulnerabilities cover remote code execution, privilege escalation, and sensitive information disclosure, affecting various areas of the operating system and applications.
The five zero-day flaws involve weaknesses in the scripting engine, the DWM Core library, the CLFS driver, and the Ancillary Function driver for WinSock, enabling everything from arbitrary code execution to privilege escalation. Three of these flaws were identified by Microsoft's internal team, while the others were discovered by external researchers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added all of these vulnerabilities to its Known Exploited Vulnerabilities catalog, directing federal agencies to apply the fixes by June 3, 2025.
In addition to those five actively exploited flaws, the Patch Tuesday package also includes a fix for a privilege escalation vulnerability in Microsoft Defender for Endpoint on Linux, caused by a Python script that can execute Java binaries from an untrusted location, allowing a local attacker to gain elevated privileges. Another notable flaw is a spoofing issue in Microsoft Defender for Identity, which can allow the collection of NTLM credentials from the local network.
The update also highlights a patch for a maximum-severity vulnerability (CVSS 10.0) in Azure DevOps Server, which allows unauthorized remote attackers to escalate privileges over the network. According to Microsoft, the fix has already been applied to the company's cloud services, requiring no additional action from customers.
This post was translated and summarized from its original version using AI, with human review.
Source: The Hacker News