The latest security update from Microsoft fixes 72 vulnerabilities, five of which have been actively exploited.
Every second Tuesday of the month, Microsoft releases security updates for Windows and other software. The May 2025 update includes patches for 72 vulnerabilities, including five zero-days that have been actively exploited. Two of these were already publicly known.
Actively Exploited Vulnerabilities
Four of the five exploited flaws are bugs that allow attackers to gain local system privileges. These are found in the Windows Common Log File System driver, the DWM Core Library, and the Ancillary Function Driver for WinSock. The fifth is a vulnerability in the Microsoft Scripting Engine, which can be exploited via Edge or Internet Explorer if a user clicks on a malicious link.
Additionally, a spoofing vulnerability in Microsoft Defender (CVE-2025-26685) has been made public, as well as a bug in Visual Studio.
What Should You Do?
Security updates are usually installed automatically, but you can also check if your system is up-to-date via Settings >Windows Update. Especially with active zero-days, updating as quickly as possible is strongly recommended.