CVEs have been published or revised in the Security Update Guide May 2, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-29825 · Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability · Version: 1.0 · Reason for revision: Information published. · Originally released: May 1, 2025 · Last updated: May 1, 2025 · Aggregate CVE severity rating: Low · Customer action required: Yes CVE-2025-4050 · Title: Chromium: CVE-2025-4096 Heap buffer overflow in HTML · Version: 1.0 · Reason for revision: Information published. · Originally released: May 1, 2025 · Last updated: May 1, 2025 · Aggregate CVE severity rating: · Customer action required: Yes CVE-2025-4051 · Title: Chromium: CVE-2025-4050 Out of bounds memory access in DevTools · Version: 1.0 · Reason for revision: Information published. · Originally released: May 1, 2025 · Last updated: May 1, 2025 · Aggregate CVE severity rating: · Customer action required: Yes CVE-2025-4052 · Title: Chromium: CVE-2025-4051 Insufficient data validation in DevTools · Version: 1.0 · Reason for revision: Information published. · Originally released: May 1, 2025 · Last updated: May 1, 2025 · Aggregate CVE severity rating: · Customer action required: Yes CVE-2025-4096 · Title: Chromium: CVE-2025-4052 Inappropriate implementation in DevTools · Version: 1.0 · Reason for revision: Information published. · Originally released: May 1, 2025 · Last updated: May 1, 2025 · Aggregate CVE severity rating: Customer action required: Yes
CVEs have been published or revised in the Security Update Guide May 8, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-29813 Title: Azure DevOps Elevation of Privilege Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No CVE-2025-29827 Title: Azure Automation Elevation of Privilege Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No CVE-2025-29972 Title: Azure Storage Resource Provider Spoofing Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No CVE-2025-33072 Title: Microsoft msagsfeedback.azurewebsites.net Information Disclosure Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No CVE-2025-47732 Title: Microsoft Dataverse Remote Code Execution Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No CVE-2025-47733 Title: Microsoft Power Apps Information Disclosure Vulnerability Version: 1.0 Reason for revision: Information published. Originally released: May 8, 2025 Last updated: May 8, 2025 Aggregate CVE severity rating: Critical Customer action required: No
May 13, 2025—KB5058411 (OS Build 26100.4061) Applies To: Windows 11 version 24H2, all editions https://support.microsoft.com/en-us...100-4061-356568c2-c730-469e-819d-b680d43b1265 ------- May 13, 2025—KB5058379 (OS Builds 19044.5854 and 19045.5854) Applies To: Windows 10 Enterprise LTSC 2021 Windows 10 IoT Enterprise LTSC 2021 Windows 10, version 22H2, all editions https://support.microsoft.com/en-us...045-5854-0a30e9ee-5038-45dd-a5d7-70a8813a5e39
May 19, 2025—KB5061768 (OS Builds 19044.5856 and 19045.5856) Out-of-band Applies To: Windows 10 Enterprise LTSC 2021 Windows 10 IoT Enterprise LTSC 2021 Windows 10, version 22H2, all editions https://support.microsoft.com/en-us...-of-band-75b27cbd-072e-4c5a-b40e-87e00aaa42dd
CVEs have been published or revised in the Security Update Guide May 22, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-26646 · Title: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability · Version: 2.0 · Reason for revision: To comprehensively address CVE-2025-26646, Microsoft has released security updates on May 22, 2025 for Visual Studio 2022 version 17.10 In addition, updates .NET 8.0.313 and .NET 8.0.410 have been released for .NET SDKs 8.0.3xx and 8.0.4xx, respectively. For more information about the .NET updates see [KB5059200](https://support.microsoft.com/en-us...b5059200-8ace2b08-2644-454e-a43f-157c60835e49). Microsoft recommends customers install these update to be fully protected from the vulnerability. · Originally released: May 13, 2025 · Last updated: May 22, 2025 · Aggregate CVE severity rating: Important Customer action required: Yes
May 27, 2025—KB5058502 (OS 22621.5413 and 22631.5413) Preview Applies To: Windows 11 Enterprise and Education, version 22H2 Windows 11 version 23H2, all editions https://support.microsoft.com/en-us...-preview-6291789c-1eea-4227-9740-a701af6de688
May 27, 2025—KB5061977 (OS Build 26100.4066) Out-of-band Applies To: Windows 11 version 24H2, all editions https://support.microsoft.com/en-us...-of-band-a15fd6bb-313a-4a24-9e35-21dbcad2aa99 ---- It's only available via Microsoft Update Catalog. https://www.catalog.update.microsoft.com/Search.aspx?q=KB5061977 Edit: Microsoft releases KB5061977 Windows 11 24H2, Server 2025 emergency out of band updates https://www.neowin.net/news/microso...h2-server-2025-emergency-out-of-band-updates/
May 28, 2025—KB5058499 (OS Build 26100.4202) Preview Applies To: Windows 11 version 24H2, all editions https://support.microsoft.com/en-us...-preview-d4c2f1ee-8138-4038-b705-546945076f92 ---------- May 27, 2025—KB5058502 (OS 22621.5413 and 22631.5413) Preview Applies To: Windows 11 Enterprise and Education, version 22H2 Windows 11 version 23H2, all editions https://support.microsoft.com/en-us...-preview-6291789c-1eea-4227-9740-a701af6de688 ----------- May 28, 2025—KB5058481 (OS Build 19045.5917) Preview Applies To: Windows 10 Home and Pro, version 22H2 Windows 10 Enterprise Multi-Session, version 22H2 Windows 10 Enterprise and Education, version 22H2 Windows 10 IoT Enterprise, version 22H2 https://support.microsoft.com/en-us...-preview-7698d6e7-dd65-494d-b523-aa4c6aa913a2 ------------ ------------ Windows 11 gets big update with Settings, HDR improvements, and more in KB5058499 https://www.neowin.net/news/windows...tings-hdr-improvements-and-more-in-kb5058499/
CVEs have been published or revised in the Security Update Guide May 29, 2025 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2025-29833 Title: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Version: 1.1 Reason for revision: Added an FAQ and updated the CVSS score. This is an informational change only. Originally released: May 13, 2025 Last updated: May 14, 2025 Aggregate CVE severity rating: Critical Customer action required: Yes
