Microsoft Monthly Security Updates - 20250514001¶
Overview¶
Microsoft has released security updates to address 78 vulnerabilities in multiple products, one of which has been identified as having the highest level of severity, allowing for remote code execution without any user interaction or privileges.
What is vulnerable?¶
Known Exploitation¶
Product(s) Affected | CVE | CVSS | Severity |
---|---|---|---|
Vendor listed products and versions | CVE-2025-29813 | 10.0 | Critical |
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours for internet facing devices and one month for others (refer Patch Management):
Additional References¶
-
CISA Known Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
-
BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2025-patch-tuesday-fixes-5-exploited-zero-days-72-flaws/