Windows vulnerabilities are actively exploited
Patch now: Dangerous Windows vulnerabilities are being actively exploited
Microsoft warns of five zero-day vulnerabilities in Windows. There are also other dangerous vulnerabilities that allow malicious code to be executed.
Microsoft has once again closed all kinds of security gaps in its products for the May Patchday. This month, these include five vulnerabilities with a high severity level (CVSS between 7.5 and 7.8), which affect all common Windows versions and for which Microsoft has already identified active exploitation. Users and administrators who want to protect their Windows systems should patch them promptly.
Two of the actively exploited vulnerabilities (CVE-2025-32701 and CVE-2025-32706) relate to the Windows CLFS driver, one to the DWM Core Library (CVE-2025-30400). All three vulnerabilities allow privilege escalation and have a low attack complexity. Attackers with simple user rights can thus gain system rights.
The vulnerability CVE-2025-30397, which is also exploited, relates to Microsoft's scripting engine and allows malicious code to be executed remotely. However, the victim must use the Edge browser in IE mode and click on a link provided by the attacker. The fifth vulnerability (CVE-2025-32709) allows attackers with local access to gain admin rights via a Winsock driver.
Remote desktop client also vulnerable
Also worth mentioning are two buffer overflow vulnerabilities in the Windows remote desktop client. These are registered as CVE-2025-29966 and CVE-2025-29967 and also achieve a high severity level (CVSS: 8.8). In order for the vulnerabilities to be exploited, a target must connect to a server controlled by the attacker via RDP. As a result, malicious code can be executed on the victim's computer.
Microsoft has closed a total of 83 security vulnerabilities for the May Patchday. Five of the patches affect the Edge web browser and were taken from the Chromium project. Some gaps relate to Microsoft's Azure cloud platform and Microsoft Office.
Many of the patched Windows vulnerabilities affect not only the desktop versions Windows 10 and 11, but also Windows Server 2008 (R2), 2012 (R2), 2016, 2019, 2022 and 2025. To prevent possible security incidents, users and administrators should apply the available patches as soon as possible.