Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server


In May 2025, Microsoft released security updates addressing 78 vulnerabilities across its software suite, including five zero-day flaws actively exploited in the wild. These include remote code execution and privilege escalation bugs affecting components like the Scripting Engine, Desktop Window Manager (DWM), Common Log File System (CLFS), and WinSock. The most severe, CVE-2025-29813, is a privilege escalation flaw in Azure DevOps Server with a CVSS score of 10.0. Microsoft’s Patch Tuesday also fixed issues in Microsoft Defender for Endpoint on Linux and Defender for Identity, where attackers could exploit local scripts or spoofing methods to gain unauthorized access. The U.S. CISA added the exploited zero-days to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch by June 3. These updates highlight ongoing threats from both criminal groups and nation-state actors, such as the Lazarus Group and Play ransomware, and signal the importance of timely patching. Alongside Microsoft, vendors like Apple, Cisco, Google, Intel, and others also issued critical security fixes, emphasizing a coordinated effort to address rising cyber threats across platforms.
