Microsoft Resolves 78 Vulnerabilities, Including 5 Actively Exploited Zero-Days; CVSS 10 Flaw Affects Azure DevOps Server

May 14, 2025
Endpoint Security / Vulnerability

Microsoft has released updates addressing 78 security vulnerabilities across its software, including five zero-days currently being exploited in the wild. Among these flaws, 11 are classified as Critical, 66 as Important, and one as Low in severity. The patches include 28 vulnerabilities that enable remote code execution, 21 related to privilege escalation, and 16 classified as information disclosure issues. This release also coincides with fixes for eight security flaws found in the Chromium-based Edge browser since last month’s Patch Tuesday. The details of the actively exploited vulnerabilities are as follows:

  • CVE-2025-30397 (CVSS score: 7.5) – Scripting Engine Memory Corruption Vulnerability
  • CVE-2025-30400 (CVSS score: 7.8) – Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
  • CVE-2025-3270…

Microsoft Addresses 78 Security Flaws, Including Five Active Exploits; Azure DevOps Server Affected

On May 14, 2025, Microsoft released critical updates aimed at remedying a total of 78 security vulnerabilities discovered across its software portfolio. Notably, among these vulnerabilities are five zero-days that have been actively exploited in the wild, signaling an urgent need for users to apply the patches promptly.

The patch set includes 11 vulnerabilities categorized as Critical, 66 as Important, and one as Low in severity. The most alarming aspect of this update is that 28 of the identified vulnerabilities could lead to remote code execution, potentially allowing attackers to execute arbitrary commands on affected systems. Additionally, 21 vulnerabilities pertain to privilege escalation, which could enable unauthorized users to gain heightened permissions, while 16 are associated with information disclosure, risking the exposure of sensitive data.

In this release, Microsoft also addressed eight other security defects associated with its Chromium-based Edge browser, further highlighting the company’s commitment to maintaining software integrity following last month’s Patch Tuesday update.

The five zero-day vulnerabilities that have been directly exploited are particularly concerning. Among these are CVE-2025-30397, a scripting engine memory corruption vulnerability with a CVSS score of 7.5, and CVE-2025-30400, an elevation of privilege vulnerability within the Microsoft Desktop Window Manager (DWM) core library, rated at a CVSS score of 7.8. The critical nature of these vulnerabilities necessitates immediate action from organizations utilizing Microsoft products.

The target audience for these vulnerabilities is extensive, impacting a wide array of businesses that rely on Microsoft solutions, including those utilizing Azure DevOps Server. This platform is widely adopted for software development and collaboration, making its security paramount in today’s cyber environment. As cyber threats continue to evolve, the exposure of these vulnerabilities reinforces the need for robust cybersecurity measures across all sectors.

The MITRE ATT&CK framework provides insights into the tactics and techniques that adversaries may employ when exploiting such vulnerabilities. Techniques such as initial access, privilege escalation, and exploitation of public-facing applications could be integral parts of the attackers’ strategies. Given the scale of these threats, organizations must prioritize vulnerability management and patching to mitigate risks effectively.

As the cybersecurity landscape grows increasingly complex and hostile, timely intervention and security hygiene practices are critical. Business owners are urged to implement comprehensive security policies, ensure that updates are applied without delay, and consider employing additional defensive measures, such as continuous monitoring and incident response planning, to safeguard their operations against potential breaches.

Source link

Related Posts

Samsung Addresses CVE-2025-4632, Exploited in the Wild for Mirai Botnet Deployment Through MagicINFO 9 Vulnerability

May 14, 2025
Vulnerability / Malware

Samsung has issued software updates to fix a critical security vulnerability in MagicINFO 9 Server that has been actively targeted. Identified as CVE-2025-4632 (CVSS score: 9.8), this path traversal flaw allows attackers to write arbitrary files with system-level permissions. According to the advisory, the vulnerability arises from “improper limitation of a pathname to a restricted directory” in versions before 21.1052 of the MagicINFO 9 Server. Notably, CVE-2025-4632 serves as a patch bypass for a previously addressed vulnerability, CVE-2024-7399, which was mitigated by Samsung in August 2024. Shortly after a proof-of-concept was released by SSD Disclosure on April 30, 2025, CVE-2025-4632 began to be exploited in the wild, with reports of it being used to deploy the Mirai botnet. Initial investigations into these attacks mistakenly pointed to CVE-2024-7399, but cybersecurity firm Huntress later clarified the situation.

Russia-Linked APT28 Exploits MDaemon Zero-Day to Target Government Webmail Servers

May 15, 2025
Vulnerability / Email Security

A cyber espionage operation associated with a Russian threat actor is reportedly compromising webmail servers, including Roundcube, Horde, MDaemon, and Zimbra, by exploiting cross-site scripting (XSS) vulnerabilities, notably a zero-day flaw in MDaemon. This activity, coded as Operation RoundPress by ESET, began in 2023 and has been linked with moderate confidence to the state-sponsored hacking group APT28, also known by various names such as BlueDelta, Fancy Bear, and Sednit.

“The primary objective of this operation is to extract sensitive data from targeted email accounts,” stated ESET researcher Matthieu Faou in a report shared with The Hacker News. “While most victims are governmental and defense entities in Eastern Europe, we have also noted targets across Africa, Europe, and beyond.”

New Intel CPU Vulnerabilities Uncovered: Memory Leaks and Spectre v2 Exploits Persist

May 16, 2025
Hardware Security / Vulnerability

Researchers at ETH Zürich have identified a critical new security flaw that affects all modern Intel CPUs, allowing the leakage of sensitive data from memory. This latest vulnerability, dubbed Branch Privilege Injection (BPI), showcases that the Spectre threat continues to impact computer systems over seven years after its initial discovery. According to ETH Zürich, BPI can be exploited to manipulate the CPU’s prediction calculations, granting unauthorized access to information from other users on the same processor. Kaveh Razavi, head of the Computer Security Group (COMSEC) and a co-author of the study, noted that this flaw affects all Intel processors, potentially allowing malicious actors to access the cache contents and working memory of different users sharing the CPU. The attack exploits Branch Predictor Race Conditions (BPRC), which arise when a processor alternates between prediction calculations for multiple users.

Security Flaw in AWS Default IAM Roles Threatens Lateral Movement and Cross-Service Exploitation

Researchers in cybersecurity have identified concerning default identity and access management (IAM) roles within Amazon Web Services (AWS) that could potentially allow attackers to escalate privileges, manipulate other AWS services, and even compromise accounts entirely. According to Aqua researchers Yakir Kadkoda and Ofek Itach, “These roles, typically created automatically or suggested during setup, grant excessively broad permissions, including full access to S3.” They warn that these default roles create silent attack vectors for privilege escalation and cross-service access, leading to possible account breaches. The cloud security firm pinpointed vulnerabilities in default IAM roles established by AWS services such as SageMaker, Glue, EMR, and Lightsail. A similar issue has also been detected in the widely-used open-source framework Ray, which generates a default IAM role (ray-autoscaler-v1) that includes the AmazonS3FullAccess policy.