CyberSecurity news
FlagThis
@cyberscoop.com
//
CISA has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action follows Microsoft's May 2025 Patch Tuesday, which addressed a total of 72 vulnerabilities, including these five zero-day exploits. The vulnerabilities affect various Windows components, posing a significant risk to systems if left unpatched. The addition to the KEV catalog underscores the urgency for organizations to apply the relevant Microsoft patches.
The zero-day vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. CVE-2025-30397 is a memory corruption vulnerability in the Windows scripting engine, while CVE-2025-30400 affects the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) Driver, which are particularly concerning as they can lead to elevation of privilege to SYSTEM. CVE-2025-32709 resides in the Windows Ancillary Function Driver for WinSock.
Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.
ImgSrc: cyberscoop.com
References :
The zero-day vulnerabilities include CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709. CVE-2025-30397 is a memory corruption vulnerability in the Windows scripting engine, while CVE-2025-30400 affects the Microsoft DWM Core Library. CVE-2025-32701 and CVE-2025-32706 are defects in the Windows Common Log File System (CLFS) Driver, which are particularly concerning as they can lead to elevation of privilege to SYSTEM. CVE-2025-32709 resides in the Windows Ancillary Function Driver for WinSock.
Security experts recommend immediate patching, especially for the CLFS driver vulnerabilities. Mike Walters of Action1 warned that attackers could exploit the CLFS zero-days to gain full control of systems, allowing them to run arbitrary code, install malware, modify data, or disable security protections. The Cybersecurity and Infrastructure Security Agency (CISA) encourages all organizations to review and apply the necessary updates to mitigate the risk of exploitation.
ImgSrc: cyberscoop.com
Share:
References :
- isc.sans.edu: Microsoft Patch Tuesday: May 2025, (Tue, May 13th)
- Threats | CyberScoop: Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
- Help Net Security: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days
- cyberinsider.com: Microsoft Patches Five Actively Exploited Flaws in May 2025 Windows 11 Update
- ComputerWeekly.com: May Patch Tuesday brings five exploited zero-days to fix
- cyberscoop.com: Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days
- securityaffairs.com: Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
- socradar.io: May 2025 Patch Tuesday: 78 Flaws, 5 Exploited, & Critical SAP Fixes
- The Hacker News: Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
- securityaffairs.com: U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
- Cisco Talos Blog: Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “criticalâ€.
- www.helpnetsecurity.com: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited
Classification:
- HashTags: #CISA #Vulnerabilities #Exploitation
- Company: Microsoft
- Target: Windows Users
- Product: Windows
- Feature: Active Exploitation
- Type: Vulnerability
- Severity: Major