May 2025 Patch Tuesday: Zero-Days, RCEs, and a Rising Office Threat Landscape

May 2025’s Patch Tuesday: Why It Matters

May 2025’s Patch Tuesday is grabbing attention—for reasons both reassuring and alarming. Microsoft has rolled out patches for 72 vulnerabilities, including:

• 5 zero-days currently exploited in the wild
• 6 critical flaws, most enabling remote code execution (RCE)

Notably, this month revealed a spike in Office-related vulnerabilities, underscoring an evolving trend: attackers are shifting focus toward Microsoft 365 environments.

What’s New in May 2025 Patch Tuesday?

On May 13, Microsoft released patches across its ecosystem:

• Windows
• Office
• Azure
• Visual Studio
• Microsoft Defender

🔴 Five of the patched vulnerabilities were actively exploited, and two more had been publicly disclosed prior to patch availability.

➡️ See full details on:

• BleepingComputer
• NHS England Digital
• The Hacker News

---

Breakdown of May 2025 Vulnerabilities

• 17 Elevation of Privilege
• 2 Security Feature Bypass
• 28 Remote Code Execution
• 15 Information Disclosure
• 7 Denial of Service
• 2 Spoofing

---

Five Actively Exploited Zero-Days

One of the standout zero-days is CVE-2025-30397—a scripting engine memory corruption flaw enabling remote code execution via malicious links.

This vulnerability can force Microsoft Edge into Internet Explorer mode, revealing the persistent risks of legacy components.

Other zero-days include:

• Windows privilege escalation vulnerabilities
• A flaw in the Windows Ancillary Function Driver for Winsock: CVE-2025-32709

👉 Read more on:

• Zero Day Initiative
• TechTarget

Office Vulnerabilities: A Growing Threat

This month saw an unusual surge in Microsoft Office vulnerabilities.

Microsoft patched critical issues in:

• Word
• Excel
• PowerPoint
• Outlook
• SharePoint Server

Two RCE bugs stood out:

• CVE-2025-30377
• CVE-2025-30386

These can be exploited simply by opening a malicious document, signaling a strategic shift by attackers toward document-based threats aimed at Microsoft 365 users.

🛡 More on this trend from:

• Microsoft May Update

Why This Matters for Microsoft 365 Users

• ⚠️ Zero-days are being exploited before patches are released—reaction time matters.
• 📄 Office vulnerabilities are rising, especially in document-based attacks.
• 🧱 Legacy components still lurk within modern systems, broadening the attack surface.
• 🔧 MSPs need streamlined tools to stay ahead of risk.

What Should You Do Now?

✅ Patch Immediately

Deploy May 2025 updates across all systems—especially Microsoft 365 Apps and Office 2019.

🔧 Harden Application Settings

Block Office child processes, disable macros, and use Group Policy Objects (GPOs) to restrict risky behaviors.

🔍 Monitor Exploit Chains

Watch for CVE combinations used in ransomware attacks, often involving elevation of privilege.

🧠 Educate End Users

Train users to avoid clicking unknown links or opening suspicious documents—even from familiar senders.

Let Optimize365 Help You Stay Secure at Scale

Optimize365: Microsoft 365 Security—Simplified

Don’t just patch—proactively protect.

Optimize365.io is built for MSPs and MSSPs who need to simplify and automate Microsoft 365 security management.

Our Offering:

• 🚀 Streamlined Client Onboarding
• 🔐 Security Baseline Enforcement and User Impact Prediction
• ⚠️ Drift Detection & Remediation
• 📈 Revenue Opportunity Identification

Our platform:

• Cuts down manual work
• Increases client security
• Gives you scalable control over all your clients’ Microsoft 365 environments

👉 Start your journey with Optimize365 — and make security a strategic advantage, not a burden.

Stay ahead of the threats. Patch fast. Automate faster.