Microsoft May 2025 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, May 13, 2025 at 1:40 PM.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,549
    Location:
    UK
    May 2025 Security Updates
    This release consists of the following 78 Microsoft CVEs:
    Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

    Visual Studio Code CVE-2025-21264
    Windows Kernel CVE-2025-24063
    .NET, Visual Studio, and Build Tools for Visual Studio CVE-2025-26646
    Remote Desktop Gateway Service CVE-2025-26677
    Microsoft Defender for Endpoint CVE-2025-26684
    Microsoft Defender for Identity CVE-2025-26685
    Windows Secure Kernel Mode CVE-2025-27468
    Windows Hardware Lab Kit CVE-2025-27488
    Azure DevOps CVE-2025-29813
    Microsoft Edge (Chromium-based) CVE-2025-29825
    Microsoft Dataverse CVE-2025-29826
    Azure Automation CVE-2025-29827
    Windows Trusted Runtime Interface Driver CVE-2025-29829
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29830
    Remote Desktop Gateway Service CVE-2025-29831
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29832
    Windows Virtual Machine Bus CVE-2025-29833
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29835
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29836
    Windows Installer CVE-2025-29837
    Windows Drivers CVE-2025-29838
    Windows File Server CVE-2025-29839
    Windows Media CVE-2025-29840
    Universal Print Management Service CVE-2025-29841
    UrlMon CVE-2025-29842
    Windows LDAP - Lightweight Directory Access Protocol CVE-2025-29954
    Role: Windows Hyper-V CVE-2025-29955
    Windows SMB CVE-2025-29956
    Windows Deployment Services CVE-2025-29957
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29958
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29959
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29960
    Windows Routing and Remote Access Service (RRAS) CVE-2025-29961
    Windows Media CVE-2025-29962
    Windows Media CVE-2025-29963
    Windows Media CVE-2025-29964
    Windows Remote Desktop CVE-2025-29966
    Remote Desktop Gateway Service CVE-2025-29967
    Active Directory Certificate Services (AD CS) CVE-2025-29968
    Windows Fundamentals CVE-2025-29969
    Microsoft Brokering File System CVE-2025-29970
    Web Threat Defense (WTD.sys) CVE-2025-29971
    Azure Storage Resource Provider CVE-2025-29972
    Azure File Sync CVE-2025-29973
    Windows Kernel CVE-2025-29974
    Microsoft PC Manager CVE-2025-29975
    Microsoft Office SharePoint CVE-2025-29976
    Microsoft Office Excel CVE-2025-29977
    Microsoft Office PowerPoint CVE-2025-29978
    Microsoft Office Excel CVE-2025-29979
    Microsoft Office Excel CVE-2025-30375
    Microsoft Office Excel CVE-2025-30376
    Microsoft Office CVE-2025-30377
    Microsoft Office SharePoint CVE-2025-30378
    Microsoft Office Excel CVE-2025-30379
    Microsoft Office Excel CVE-2025-30381
    Microsoft Office SharePoint CVE-2025-30382
    Microsoft Office Excel CVE-2025-30383
    Microsoft Office SharePoint CVE-2025-30384
    Windows Common Log File System Driver CVE-2025-30385
    Microsoft Office CVE-2025-30386
    Azure CVE-2025-30387
    Windows Win32K - GRFX CVE-2025-30388
    Microsoft Office Excel CVE-2025-30393
    Remote Desktop Gateway Service CVE-2025-30394
    Microsoft Scripting Engine CVE-2025-30397
    Windows DWM CVE-2025-30400
    Windows Common Log File System Driver CVE-2025-32701
    Visual Studio CVE-2025-32702
    Visual Studio CVE-2025-32703
    Microsoft Office Excel CVE-2025-32704
    Microsoft Office Outlook CVE-2025-32705
    Windows Common Log File System Driver CVE-2025-32706
    Windows NTFS CVE-2025-32707
    Windows Ancillary Function Driver for WinSock CVE-2025-32709
    Azure CVE-2025-33072
    Microsoft Dataverse CVE-2025-47732
    Microsoft Power Apps CVE-2025-47733

    We are republishing 5 non-Microsoft CVEs:
    CNA Tag CVE FAQs? Workarounds? Mitigations?
    Chrome Microsoft Edge (Chromium-based) CVE-2025-4050
    Chrome Microsoft Edge (Chromium-based) CVE-2025-4051
    Chrome Microsoft Edge (Chromium-based) CVE-2025-4052
    Chrome Microsoft Edge (Chromium-based) CVE-2025-4096
    Chrome Microsoft Edge (Chromium-based) CVE-2025-4372

    Security Update Guide Blog Posts
    Date Blog Post
    November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
    June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
    April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
    January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
    January 11, 2022 Coming Soon: New Security Update Guide Notification System
    February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
    January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
    December 8, 2020 Security Update Guide: Let’s keep the conversation going
    November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

    Relevant Resources
    • The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
    • Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
    • Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    Known Issues
    You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

    For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To
    5058379 Windows 10, version 21H2, Windows 10, version 22H2
    5058384 Windows Server 2022, 23H2 Edition (Server Core installation)
    5058385 Windows Server 2022
    5058392 Windows 10, version 1809, Windows Server 2019
    5058405 Windows 11, version 22H2, Windows 11, version 23H2
    5058411 Windows 11, version 24H2
    5058429 Windows Server 2008 (Security-only update)
    5058449 Windows Server 2008 (Monthly Rollup)
    Released: May 13, 2025
    May 2025 Security Updates - Release Notes - Security Update Guide - Microsoft
     
    NICK ADSL UK, May 13, 2025 at 1:40 PM
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...