Microsoft Software update released to fix at least 70 weaknesses on Tuesday Stretch And related products, including Five zero-day flaws that are already watching active exploitationConnecting a sense of urgency with this month’s patch batch from Redmund is fixed for two other weaknesses that are now available in public proof-off-concept adventures.
Microsoft and many security firms have revealed that the attackers are exploiting a pair of insects Windows Common Log File System (CLFS) drivers who allow the attackers to elevate their privileges on a weak device. Windows CLFS is an important Windows component responsible for logging services, and is widely used by Windows system services and third-party applications for logging. Tracked Cve-2025-32701 And Cve-2025-32706These flaws are present in all supported versions of Windows 10 and 11 as well as in their server versions.
Kev burnSenior director of threat research Emarsiv LabsPrivileges Escaletion Bugs believe that an attacker has an early access to a compromised hosts, usually through a fishing attack or using the theft credibility. But if that access is already present, Breen said, the attackers can get access to a much more powerful Windows system account, which can disable safety tooling or even obtain domain administration level permission using a credential harvesting tool.
He said, “Patch notes do not provide technical details of how it is being exploited, and no indicators of compromise (IOCs) have been shared, which means that only mitigation security teams have to implement these patch immediately,” he said. “The average time for exploitation of public disclosure is less than five days, the danger actors, ransomware groups, and quick partners to take advantage of these weaknesses.”
Two other zero-day patches by Microsoft were still the height of privilege defects: Cve-2025-32709Which is worried, AFD.SYS, Windows auxiliary ceremony driver This enables the Windows application to connect to the Internet; And Cve-2025-30400A weakness in Desktop window manager (DWM) Library for Windows. As Adam barnet But Rapid7 Note marks tomorrow One year anniversary Of Cve-2024-30051In this similar DWM component, the height of the previous zero-day of privilege vulnerability.
Today’s fifth zero-day patch Cve-2025-30397A defect in Microsoft scripting engineUsed by a major component Internet Explorer And Internet explorer mode In Microsoft edge,
Chris goal But Ivanti It is said that Windows 11 and Server 2025 updates include some new AI features that carry a lot of accessories and weigh in about 4 gigabytes. The said baggage includes new artificial intelligence (AI) capabilities including controversial Memorization The feature, which takes continuous screenshots, is what users are doing on Windows Copilot-competent computers.
Microsoft went back to the drawing board after a fountain of negative feedback from security experts, who warned that it would offer a potential gold mine for an attractive goal and attackers. Microsoft has made some attempts to prevent sensitive financial information from scooping, but privacy and security concerns are still dull. Pre -microsofti Kevin Beom Is A good tear To remember on the update of Microsoft.
In any case, Windowslatest.com report that Windows 11 version 24h2 Shows ready for download, even if you don’t want it.
“It will now show automatically for ‘download and install’ if you go to Settings> Windows updates and click on check for updates, but only when there is no compatibility in your device,” publishing Informed“Even if you don’t check the update, Windows 11 24H 2 will automatically download at some point.”
Apple users are likely to do their own patching. On May 12, Apple released security updates to fix at least 30 weaknesses IOS And IPados (Updated version Is 18.5, Tekkachchan Write This iOS 18.5 also expands emergency satellite capabilities for the iPhone 13 owners for the first time (earlier it was only available iPhone 14 or later).
Apple too Released update For Mcos Sevia, Mcos Sonoma, Macos Ventura, Watch, TVOS And VisionosApple said that there is no sign of active exploitation for any of the weaknesses fixed this month.
As usual, please backup your device and/or important data before trying any update. And please feel free to sound in the comments if you participate in any problem in applying any of these fixes.
