The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several
Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
These newly listed flaws are:
- CVE-2025-30397 (CVSS score: 7.5): Scripting Engine Memory Corruption Vulnerability
- CVE-2025-30400 (CVSS score: 7.8): Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
- CVE-2025-32701 (CVSS score: 7.8): Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability
- CVE-2025-32706 (CVSS score: 7.8): Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2025-32709 (CVSS score: 7.8): Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Microsoft addressed these security issues in its May 2025 Patch Tuesday updates. The company confirmed that the vulnerabilities listed above have been exploited in real-world attacks.
According to the Zero Day Initiative (ZDI), twelve of the released patches are rated as Critical, while the rest are considered Important. Although this volume of fixes is not unusual for May, it puts Microsoft ahead of last year’s CVE release pace. ZDI also noted an unusually high number of Office-related patches this month, which may hint at upcoming attack trends.
Microsoft has identified five vulnerabilities that were actively exploited at the time of the patch release, and noted that two others were already publicly known.
Further details on the flaws include:
- CVE-2025-30397: This vulnerability allows remote code execution in Microsoft Edge when users are tricked into clicking a malicious link. The flaw forces Edge to enter Internet Explorer mode.
- CVE-2025-32701 and CVE-2025-32706: These vulnerabilities in the CLFS driver enable attackers to escalate privileges to SYSTEM level, potentially supporting ransomware deployment.
- CVE-2025-32709: Found in the Ancillary Function Driver for WinSock, this flaw has been exploited again since February. It allows privilege escalation to SYSTEM and raises concerns about the effectiveness of earlier patches.
- CVE-2025-30400: This vulnerability in the DWM Core Library, which has recently been exploited again, enables SYSTEM-level code execution. Security researchers warn it could be used in phishing or ransomware campaigns.
Under Binding Operational Directive (BOD) 22-01, titled "Reducing the Significant Risk of Known Exploited Vulnerabilities," federal civilian executive branch (FCEB) agencies are required to patch these vulnerabilities by June 3, 2025.
Cybersecurity experts also advise private sector organizations to review the KEV catalog and promptly address the identified flaws within their systems to minimize risk.
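One way to carry out that review, as an added example that is not part of the original article: the Python below matches scanner findings against an excerpt shaped like CISA's KEV JSON feed (its `cveID` and `dueDate` fields) and ranks what is still unpatched by days remaining. The excerpt, host names and the non-KEV placeholder CVE are constructed; the five CVE IDs and the June 3, 2025 due date are the ones given above.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the KEV JSON feed (only cveID and dueDate
# are used here). The CVE IDs and due date are the ones named in the article.
KEV_EXCERPT = json.dumps({"vulnerabilities": [
    {"cveID": cve, "dueDate": "2025-06-03"}
    for cve in ("CVE-2025-30397", "CVE-2025-30400", "CVE-2025-32701",
                "CVE-2025-32706", "CVE-2025-32709")
]})

# Constructed scanner output: hypothetical host -> CVEs still unpatched.
# "CVE-0000-0000" is a placeholder for a finding that is not in the KEV catalog.
FINDINGS = {
    "ws-014": ["CVE-2025-30397", "cve-2025-32701 ", "CVE-0000-0000"],
    "srv-db2": ["CVE-2025-32709"],
    "ws-020": [],
}

def load_due_dates(kev_json):
    """Map each cveID to its dueDate (as a date) from KEV-format JSON."""
    entries = json.loads(kev_json).get("vulnerabilities", [])
    return {e["cveID"].upper(): date.fromisoformat(e["dueDate"]) for e in entries}

def kev_backlog(findings, due_dates, today):
    """Return (host, cve, due, days_left) for KEV-listed findings, most urgent first."""
    rows = []
    for host, cves in findings.items():
        for cve in sorted({c.strip().upper() for c in cves}):  # normalise scanner IDs
            due = due_dates.get(cve)
            if due is not None:  # findings outside the KEV excerpt are skipped
                rows.append((host, cve, due, (due - today).days))
    return sorted(rows, key=lambda r: (r[3], r[0], r[1]))

def report(rows):
    """Format backlog rows, flagging anything past its due date."""
    lines = []
    for host, cve, due, days in rows:
        status = f"OVERDUE by {-days}d" if days < 0 else f"{days}d left"
        lines.append(f"{host:8} {cve:15} due {due.isoformat()}  {status}")
    return lines

if __name__ == "__main__":
    today = date(2025, 6, 10)  # fixed date so the output is reproducible
    for line in report(kev_backlog(FINDINGS, load_due_dates(KEV_EXCERPT), today)):
        print(line)
```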