Patch Tuesday, May 2025 – Krebs

Microsoft on Tuesday released software updates to resolve at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that have already seen active exploitation. Adding to the urgency of Redmond's patch batch this month, the updates also address two other weaknesses that now have public proof-of-concept exploits.
Microsoft and several security companies have disclosed that attackers are exploiting a pair of bugs in the Windows Common Log File System (CLFS) driver that allow attackers to elevate their privileges on vulnerable devices. Windows CLFS is a key Windows component responsible for logging services and is widely used by Windows system services and third-party applications. Tracked as CVE-2025-32701 and CVE-2025-32706, these flaws are present in all supported versions of Windows 10 and 11, as well as their server versions.
Kev Breen, senior director of threat research at Immersive Labs, said privilege escalation bugs assume that an attacker already has access to a compromised host, typically through a phishing attack or by using stolen credentials. However, if that access is already present, an attacker can use credential harvesting tools to access the more powerful Windows SYSTEM account, which can disable security tools or even gain domain administration level permissions.
“The patch notes don’t provide technical details on how to exploit this, nor do they share indicators of compromise (IOCs), which means the only mitigation for teams is to apply these patches immediately,” he said. “The average time from public disclosure to mass exploitation is less than five days, with threat actors, ransomware groups and their members quick to exploit these vulnerabilities.”
Two other zero-days patched by Microsoft today are also elevation of privilege flaws: CVE-2025-32709, which involves afd.sys, the Windows Ancillary Function Driver that enables Windows applications to connect to the Internet; and CVE-2025-30400, a weakness in the Desktop Window Manager (DWM) library for Windows. As Adam Barnett at Rapid7 notes, tomorrow is the first anniversary of CVE-2024-30051, a previous zero-day elevation of privilege vulnerability in the same DWM component.
The fifth zero-day patched today is CVE-2025-30397, a flaw in the Microsoft Scripting Engine, a component used by Internet Explorer and by Internet Explorer mode in Microsoft Edge.
Chris Goettl at Ivanti points out that the Windows 11 and Server 2025 updates include some new AI features that carry a lot of baggage and weigh in at around 4 GB. That baggage includes new artificial intelligence (AI) capabilities, including the controversial Recall feature, which continuously takes screenshots of what users are doing on Windows Copilot-enabled computers.
Microsoft went back to the drawing board on Recall after negative feedback from security experts, who warned that it would present an attractive target and a potential gold mine for attackers. Microsoft appears to have made an effort to stop Recall from capturing sensitive financial information, but privacy and security concerns persist. Former Microsoftie Kevin Beaumont has written about Microsoft's updates to Recall.
In any case, windowslatest.com reports that Windows 11 version 24H2 can show up for download even if you don't want it.
“Now, if you go to Settings > Windows Update and click Check for updates, it will appear under ‘Download and install’, but it will download automatically only if your device has no compatibility hold,” the publication reported. “Even if you don’t check for updates, Windows 11 24H2 will automatically download at some point.”
Apple users may have their own patching to do. On May 12, Apple released security updates to resolve at least 30 vulnerabilities in iOS and iPadOS (the updated version is 18.5). TechCrunch writes that iOS 18.5 also extends emergency satellite functionality to iPhone 13 owners for the first time (previously it was only available on iPhone 14 or later).
Apple also released updates for macOS Sequoia, macOS Sonoma, macOS Ventura, watchOS, tvOS and visionOS. Apple said there is no indication that any of the vulnerabilities fixed this month have been actively exploited.
As always, back up your device and/or important data before attempting any updates. And if you run into any issues applying these fixes, feel free to sound off in the comments.