
Microsoft Warns of Five Actively Exploited Windows Vulnerabilities

By Netvora Tech News


During Microsoft's May patch day, the company issued warnings and updates for five actively exploited vulnerabilities in Windows. Four of these vulnerabilities allow an attacker with access to a system to elevate their privileges to SYSTEM or admin, potentially compromising the system completely. The fifth vulnerability makes remote code execution possible in certain cases.

Vulnerabilities in Windows Common Log Filesystem (CLFS)

The first two vulnerabilities (CVE-2025-32701 and CVE-2025-32706) are located in the Windows Common Log Filesystem (CLFS), a Windows component used for logging. Applications that want to store log files can make use of this feature. In recent years, dozens of vulnerabilities have been discovered in CLFS; several were actively exploited before a Microsoft update was available, and others resulted in numerous exploits.

Last month, Microsoft reported that another CLFS vulnerability was used in ransomware attacks.

Elevation of Privilege (EoP) Vulnerabilities

The third vulnerability (CVE-2025-30400) is an Elevation of Privilege (EoP) vulnerability located in the DWM Core Library. This component has been targeted by attackers in the past, as has the Desktop Window Manager (DWM), which is used for displaying the Windows desktop.

The fourth EoP vulnerability (CVE-2025-32709) is located in the Windows Ancillary Function Driver for WinSock, another component that has been targeted by attackers in the past.

Remote Code Execution Vulnerability

The fifth and final vulnerability (CVE-2025-30397) allows remote code execution and is located in the Windows Scripting Engine. An attacker can exploit this vulnerability by getting a victim to open a specially crafted link. Microsoft notes that an attacker would first need to convince the victim to use Edge in Internet Explorer mode to exploit this vulnerability.

"This vulnerability is interesting because it forces Edge into Internet Explorer mode, so the ghost of IE continues to haunt us," says Dustin Childs of the Zero Day Initiative.

Updates and Mitigation

Microsoft has not released information on the detected attacks. The issued security updates that address the issues will be automatically installed on most systems.
