Microsoft May 2025 Security Updates

May 2025 Security Updates
This release consists of the following 78 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Visual Studio Code CVE-2025-21264
Windows Kernel CVE-2025-24063
.NET, Visual Studio, and Build Tools for Visual Studio CVE-2025-26646
Remote Desktop Gateway Service CVE-2025-26677
Microsoft Defender for Endpoint CVE-2025-26684
Microsoft Defender for Identity CVE-2025-26685
Windows Secure Kernel Mode CVE-2025-27468
Windows Hardware Lab Kit CVE-2025-27488
Azure DevOps CVE-2025-29813
Microsoft Edge (Chromium-based) CVE-2025-29825
Microsoft Dataverse CVE-2025-29826
Azure Automation CVE-2025-29827
Windows Trusted Runtime Interface Driver CVE-2025-29829
Windows Routing and Remote Access Service (RRAS) CVE-2025-29830
Remote Desktop Gateway Service CVE-2025-29831
Windows Routing and Remote Access Service (RRAS) CVE-2025-29832
Windows Virtual Machine Bus CVE-2025-29833
Windows Routing and Remote Access Service (RRAS) CVE-2025-29835
Windows Routing and Remote Access Service (RRAS) CVE-2025-29836
Windows Installer CVE-2025-29837
Windows Drivers CVE-2025-29838
Windows File Server CVE-2025-29839
Windows Media CVE-2025-29840
Universal Print Management Service CVE-2025-29841
UrlMon CVE-2025-29842
Windows LDAP - Lightweight Directory Access Protocol CVE-2025-29954
Role: Windows Hyper-V CVE-2025-29955
Windows SMB CVE-2025-29956
Windows Deployment Services CVE-2025-29957
Windows Routing and Remote Access Service (RRAS) CVE-2025-29958
Windows Routing and Remote Access Service (RRAS) CVE-2025-29959
Windows Routing and Remote Access Service (RRAS) CVE-2025-29960
Windows Routing and Remote Access Service (RRAS) CVE-2025-29961
Windows Media CVE-2025-29962
Windows Media CVE-2025-29963
Windows Media CVE-2025-29964
Windows Remote Desktop CVE-2025-29966
Remote Desktop Gateway Service CVE-2025-29967
Active Directory Certificate Services (AD CS) CVE-2025-29968
Windows Fundamentals CVE-2025-29969
Microsoft Brokering File System CVE-2025-29970
Web Threat Defense (WTD.sys) CVE-2025-29971
Azure Storage Resource Provider CVE-2025-29972
Azure File Sync CVE-2025-29973
Windows Kernel CVE-2025-29974
Microsoft PC Manager CVE-2025-29975
Microsoft Office SharePoint CVE-2025-29976
Microsoft Office Excel CVE-2025-29977
Microsoft Office PowerPoint CVE-2025-29978
Microsoft Office Excel CVE-2025-29979
Microsoft Office Excel CVE-2025-30375
Microsoft Office Excel CVE-2025-30376
Microsoft Office CVE-2025-30377
Microsoft Office SharePoint CVE-2025-30378
Microsoft Office Excel CVE-2025-30379
Microsoft Office Excel CVE-2025-30381
Microsoft Office SharePoint CVE-2025-30382
Microsoft Office Excel CVE-2025-30383
Microsoft Office SharePoint CVE-2025-30384
Windows Common Log File System Driver CVE-2025-30385
Microsoft Office CVE-2025-30386
Azure CVE-2025-30387
Windows Win32K - GRFX CVE-2025-30388
Microsoft Office Excel CVE-2025-30393
Remote Desktop Gateway Service CVE-2025-30394
Microsoft Scripting Engine CVE-2025-30397
Windows DWM CVE-2025-30400
Windows Common Log File System Driver CVE-2025-32701
Visual Studio CVE-2025-32702
Visual Studio CVE-2025-32703
Microsoft Office Excel CVE-2025-32704
Microsoft Office Outlook CVE-2025-32705
Windows Common Log File System Driver CVE-2025-32706
Windows NTFS CVE-2025-32707
Windows Ancillary Function Driver for WinSock CVE-2025-32709
Azure CVE-2025-33072
Microsoft Dataverse CVE-2025-47732
Microsoft Power Apps CVE-2025-47733

We are republishing 5 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
Chrome Microsoft Edge (Chromium-based) CVE-2025-4050
Chrome Microsoft Edge (Chromium-based) CVE-2025-4051
Chrome Microsoft Edge (Chromium-based) CVE-2025-4052
Chrome Microsoft Edge (Chromium-based) CVE-2025-4096
Chrome Microsoft Edge (Chromium-based) CVE-2025-4372

Security Update Guide Blog Posts
Date Blog Post
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5058379 Windows 10, version 21H2, Windows 10, version 22H2
5058384 Windows Server 2022, 23H2 Edition (Server Core installation)
5058385 Windows Server 2022
5058392 Windows 10, version 1809, Windows Server 2019
5058405 Windows 11, version 22H2, Windows 11, version 23H2
5058411 Windows 11, version 24H2
5058429 Windows Server 2008 (Security-only update)
5058449 Windows Server 2008 (Monthly Rollup)
Released: May 13, 2025
May 2025 Security Updates - Release Notes - Security Update Guide - Microsoft

 

CVEs have been published or revised in the Security Update Guide
May 17, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-26629

• Title: Microsoft Office Remote Code Execution Vulnerability
• Version: 1.2
• Reason for revision: To comprehensively address CVE-2025-26629, Microsoft has released May 2025 security updates for all affected versions of Microsoft Office. Customers running any of these versions should ensure that they have the latest build installed. For more information and to verify the build version, see https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
• Originally released: March 11, 2025
• Last updated: May 13, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-29971

• Title: Web Threat Defense (WTD.sys) Denial of Service Vulnerability
• Version: 2.0
• Reason for revision: To comprehensively address CVE-2025-29971, Micrsoft has released HotPatch KB5061258 for Windows 11 Version 24H2 for x64-based Systems and Windows 11 Version 24H2 for ARM64-based Systems. Customers running these versions of Windows and who install the HotPatch updates should install KB5061258 to be protected from this vulnerability.
• Originally released: May 13, 2025
• Last updated: May 16, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-29977

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-29979

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-30375

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-30377

• Title: Microsoft Office Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Critical
• Customer action required: Yes

CVE-2025-30379

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-30381

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-30383

• Title: Microsoft Excel Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-30386

• Title: Microsoft Office Remote Code Execution Vulnerability
• Version: 2.0
• Reason for revision: Microsoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not need to take any action. See the [Release Notes](https://go.microsoft.com/fwlink/p/?linkid=831049) for more information and download links.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Critical
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
May 22, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-26646

• Title: .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
• Version: 2.0
• Reason for revision: To comprehensively address CVE-2025-26646, Microsoft has released security updates on May 22, 2025 for Visual Studio 2022 version 17.10. In addition, updates .NET 8.0.313 and .NET 8.0.410 have been released for .NET SDKs 8.0.3xx and 8.0.4xx, respectively. For more information about the .NET updates see [KB5059200](https://support.microsoft.com/en-us...b5059200-8ace2b08-2644-454e-a43f-157c60835e49). Microsoft recommends customers install these update to be fully protected from the vulnerability.
• Originally released: May 13, 2025
• Last updated: May 22, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
May 29, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-29833

• Title: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
• Version: 1.1
• Reason for revision: Added an FAQ and updated the CVSS score. This is an informational change only.
• Originally released: May 13, 2025
• Last updated: May 14, 2025
• Aggregate CVE severity rating: Critical
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
May 30, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-21174

• Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
• Version: 1.3
• Reason for revision: In the Security Updates table, corrected the Download and Article links for Windows Server 2012 R2 and Windows Server 2012 R2 (Server Core installation). This is an informational change only.
• Originally released: April 8, 2025
• Last updated: May 30, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
June 4, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-21174

• Title: Windows Standards-Based Storage Management Service Denial of Service Vulnerability
• Version: 1.3
• Reason for revision: In the Security Updates table, corrected the Download and Article links for Windows Server 2012 R2 and Windows Server 2012 R2 (Server Core installation). This is an informational change only.
• Originally released: April 8, 2025
• Last updated: May 30, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-21204

• Title: Windows Process Activation Elevation of Privilege Vulnerability
• Version: 2.2
• Reason for revision: Added an FAQ to explain the remediation steps customers need to take to be protected from CVE-2025-21204. This includes a link to a script to aid in completing the remediation steps. This is an informational change only.
• Originally released: April 8, 2025
• Last updated: June 4, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
June 5, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-29187

• Title: GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
• Version: 4.0
• Reason for revision: In the Security Updates table added the following versions of Windows ADK and ADK WinPE Add-on because these developer kits are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates to be fully protected from the vulnerability. See the FAQs section of this vulnerability for more information: * ADK and ADK WinPE Add-on version 10.1.26100.2454 and later * ADK and ADK WinPE Add-on version 10.1.25398.1 (Republished in January 2025) * ADK and ADK WinPE Add-on for Windows 11, version 22H2 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows Server 2022 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows 10, version 2004 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows 10, version 1809 (Republished in May 2025) * ADK for Windows 10, version 1607 (Republished in May 2025)
• Originally released: June 11, 2024
• Last updated: June 4, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

 

CVEs have been published or revised in the Security Update Guide
June 5, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-47966

• 
  
  
  • Title: Power Automate Elevation of Privilege Vulnerability
  • Version: 1.0
  • Reason for revision: Information published.
  • Originally released: June 5, 2025
  • Last updated: June 5, 2025
  • Aggregate CVE severity rating: Critical
  • Customer action required: No