As Bleeping Computer reports, the May update addresses 17 elevation of privilege flaws, two security feature bypass flaws, 28 remote code execution flaws, 15 information disclosure flaws, seven denial of service flaws, and two spoofing flaws. In addition to the zero-day exploits, six of the remote code execution vulnerabilities are labeled "critical" along with one information disclosure flaw.
While all of Microsoft's security updates are important to maintain the integrity of your devices and data, this Patch Tuesday is particularly heavy on zero-days—flaws that are actively exploited or publicly disclosed before the developer issues an official fix.
The fifth active exploit is a remote code execution vulnerability (labeled CVE-2025-30397) in Microsoft Scripting Engine. The flaw can be exploited if an authenticated user clicks a fraudulent link in Microsoft Edge or Internet Explorer, allowing attackers to execute code over a network.
One of the publicly disclosed zero-days patched this month is a spoofing flaw in Microsoft Defender (CVE-2025-26685) that allows unauthenticated attackers with LAN access to spoof another account. This was discovered by Joshua Murrell with NetSPI. The final zero-day (CVE-2025-32702) is a remote code execution vulnerability in Visual Studio—Microsoft has not revealed any additional details.
How to protect your PC
Settings > Windows Update and selecting Check for Windows updates.
Read More Details
Finally We wish PressBee provided you with enough information of ( Microsoft’s ‘Patch Tuesday’ Update Fixes Seven Zero-Day Exploits )
Also on site :