Microsoft Monthly Security Updates - 20250514001

Overview

Microsoft has released security updates to address 78 vulnerabilities in multiple products, one of which has been identified as having the highest level of severity, allowing for remote code execution without any user interaction or privileges.

What is vulnerable?

Known Exploitation

Product(s) Affected	CVE	CVSS	Severity
Vendor listed products and versions	CVE-2025-29813	10.0	Critical

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of 48 hours for internet facing devices and one month for others (refer Patch Management):

• Microsoft: https://msrc.microsoft.com/update-guide/releaseNote/2025-May

Additional References

• CISA Known Exploited Vulnerabilities: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

• BleepingComputer: https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2025-patch-tuesday-fixes-5-exploited-zero-days-72-flaws/