Crucial Update: Microsoft Addresses 5 Urgent Zero-Day Exploitations on Patch Tuesday
Microsoft Addresses Five Actively Exploited Zero-Days
In the latest round of Patch Tuesday, Microsoft has addressed a staggering seventy plus vulnerabilities.
Among these include five zero-days that are currently being actively exploited, as well as two further vulnerabilities that have been disclosed to the public but not yet taken advantage of by cyber criminals.
Details on the Zero-Day Exploits
Of particular note among the addressed vulnerabilities is CVE-2025-30397, a zero-day associated with Microsoft’s Windows Scripting Engine.
This memory corruption vulnerability has been exploited by attackers to remotely execute malicious code.
The exploit is performed via a specially crafted URL, which, once clicked by the unsuspecting user, opens the door to the attacker, providing them with high level access to the user’s system.
What Other Vulnerabilities Were Patched?
Alongside the zero-days, two publicly disclosed vulnerabilities were also patched.
Both of these security issues have the potential to be used for privilege escalation.
While they have been publicly disclosed to the security community, they have not yet been identified as being used within any active exploit campaigns.
How Can You Protect Your Systems?
To protect your systems effectively, it is recommended that you apply the Microsoft patches as soon as possible.
These patches can be found and downloaded via the Windows Update facility on your Windows desktop.
By promptly updating your systems, you can significantly reduce the risk of falling victim to these vulnerabilities.
References:
- Microsoft Security Response Centre: Security Update Guide.
- Microsoft Security Response Center: Patch Tuesday – March 2025.
- CSO Online: Patch Tuesday Lowdown, March 2025 Edition.
Follow-Up Reading:
- Krebs on Security: Microsoft Patch Tuesday, May 2025
- Help Net Security: Microsoft May 2025 Patches
- ZDNet: Microsoft’s May 2025 Patch Tuesday is a big one
Remember, the best defense against cyber attacks is to keep your systems updated and to be aware of the latest cyber threats.
Stay safe, and happy patching!
