Microsoft has introduced the May 2025 Patch Tuesday updates, which include not only the usual security fixes but also several significant quality improvements for both Windows 11 and Windows 10. This month’s update comprises an impressive 74 patches that address security flaws across Windows and its components, Office, Azure, Remote Desktop Gateway Service, Microsoft Defender, and more.
In terms of quality and user experience updates, Microsoft has released the KB5058411 patch for Windows 11 version 24H2, featuring AI-driven Recall and Click to Do functionalities for Copilot+ PCs. Meanwhile, for Windows 11 version 23H2, the KB5058405 update introduces pivot-based curated views in the File Explorer Home, enhanced performance when handling ZIP files, and improved support for text scaling.
74 security issues were resolved in the May 2025 Patch Tuesday updates
This month, Microsoft has addressed 12 vulnerabilities classified as critical, with the rest deemed Important in severity. The company has alerted users that five of these vulnerabilities are actively being exploited, specifically targeting Windows 10 and 11 PCs, as well as Windows Server systems. Let’s delve into the key vulnerabilities Microsoft resolved in the May 2025 Patch Tuesday updates.
CVE-2025-30397: This is a memory-corruption flaw in the Scripting Engine, carrying a CVSS score of 7.5. It could allow unauthorized attackers to execute remote code on systems that haven’t been patched.
CVE-2025-30400: An elevation of privilege issue in the Microsoft Desktop Window Manager (DWM) Core Library affects Windows 11, Windows 10, Windows Server 2016, and later versions of the server operating system.
CVE-2025-32701 and CVE-2025-32706: These are elevation-of-privilege vulnerabilities in the Windows Common Log File System Driver, each with a CVSS score of 7.8. Exploiting these weaknesses could enable attackers to take control of a device locally and carry out unauthorized actions.
CVE-2025-32702: A remote code execution vulnerability impacting Visual Studio 2019 and 2022.
CVE-2025-32709: This vulnerability in the Windows Ancillary Function driver for Winsock, rated 7.8 on the CVSS scale, could permit threat actors to execute an exploit and obtain administrator-level privileges on targeted devices.
CVE-2025-29972: A critical Server-Side Request Forgery (SSRF) flaw affecting Microsoft Azure, specifically within the Azure Storage Resource Provider.
CVE-2025-29827: This defect allows cybercriminals to perform elevation of privilege attacks against Azure Automation.
Enhancements to quality and experiences
For those operating Windows 11 version 24H2, the KB5058411 update brings to life the AI-enhanced Windows Recall and Click to Do features on Copilot+ machines. It also unveils a novel AI-driven search functionality for AMD and Intel systems. In addition, this update introduces a Phone Link sidebar within the Start menu, a Speech recap capability for Narrator, and pivot-based curated views in File Explorer Home, among other features. These advancements are also accessible to users on Windows 11 version 23H2.
On the other hand, for Windows 10 version 22H2, this update introduces various security enhancements to the core functionalities of the Windows OS. It also incorporates a set of blocklisted drivers that address security vulnerabilities exploited in Bring Your Own Vulnerable Driver (BYOVD) attacks.
Exploring the best practices for evaluating and managing Windows Updates
Organizations aiming to deploy monthly patches should thoroughly test them before implementing them broadly on production systems. Nonetheless, applying the patches shouldn’t be unduly delayed, as hackers quickly begin figuring out how to exploit newly discovered vulnerabilities.
Dual Layer advises rolling out updates in stages across the firm rather than in a single pass to the entire network of users. Each month, users run into problems with Windows updates, ranging from systems that fail to boot to application and hardware compatibility issues or, in extreme cases, data loss. With a staggered update policy, such problems are confined to a few users rather than affecting the entire organization, which gives IT personnel the opportunity to address them before the updates are rolled out across the firm.
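As an added example (not code from Dual Layer or Microsoft), a small Python planner that captures this staggered policy: hosts are grouped into rings, and a ring is widened only once the previous ring is fully patched, has run clean for a few days, and stays under a failure threshold. The KB numbers are the two named above for Windows 11; the host inventory, ring names and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

# KB numbers named in the article; only the two Windows 11 updates are modelled.
# Every host, ring name and threshold below is constructed sample data.
REQUIRED_KB = {"24H2": "KB5058411", "23H2": "KB5058405"}
RINGS = ["pilot", "early", "broad"]   # deployment order across the firm
FAILURE_HALT_RATIO = 0.10             # stop if more than 10% of a ring reports trouble
MIN_BAKE_DAYS = 3                     # days a ring must run clean before widening

@dataclass
class Host:
    name: str
    build: str            # Windows 11 feature release: "24H2" or "23H2"
    ring: str
    installed_kbs: set
    failed: bool = False  # boot, compatibility or data-loss problem after the update

def needs_update(host):
    """True when the host's build lacks this month's cumulative update."""
    return REQUIRED_KB[host.build] not in host.installed_kbs

def ring_summary(hosts, ring):
    """Return (patched, failed, total) counts for one ring."""
    members = [h for h in hosts if h.ring == ring]
    patched = sum(1 for h in members if not needs_update(h))
    failed = sum(1 for h in members if h.failed)
    return patched, failed, len(members)

def next_action(hosts, days_since_ring_started):
    """Decide what the rollout should do today.

    Returns ('deploy', ring) for the ring to patch next, ('halt', ring) when
    the current ring has too many failures, ('wait', ring) while a ring is
    still being patched or baking, and ('done', None) when every ring is patched.
    """
    for ring in RINGS:
        patched, failed, total = ring_summary(hosts, ring)
        if total == 0:
            continue                         # ring not used in this inventory
        if patched == 0:
            return ("deploy", ring)          # first ring not yet touched
        if failed / total > FAILURE_HALT_RATIO:
            return ("halt", ring)            # fix the issue before widening
        if patched < total:
            return ("wait", ring)            # still rolling within this ring
        if days_since_ring_started < MIN_BAKE_DAYS:
            return ("wait", ring)            # let it bake before the next ring
    return ("done", None)

def rollout_plan(hosts, days_since_ring_started):
    """Names of hosts to patch today; empty when the rollout is halted or waiting."""
    action, ring = next_action(hosts, days_since_ring_started)
    if action != "deploy":
        return []
    return [h.name for h in hosts if h.ring == ring and needs_update(h)]
```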