MS Family May 2025 Routine Security Update Advisory

May 14 2025

Overview

Microsoft(https://www.microsoft.com) has released a security update that fixes vulnerabilities in products it has supplied. Users of affected products are advised to update to the latest version.

Affected Products

Apps family

Microsoft PC Manager

Azure Family

Azure AI Document Intelligence Studio

Azure File Sync v19.0

Azure File Sync v20.0

Windows HLK for Windows Server 2022

Developer Tools suite

.NET 8.0 installed on Linux

.NET 8.0 installed on Mac OS

.NET 8.0 installed on Windows

.NET 9.0 installed on Linux

.NET 9.0 installed on Mac OS

.NET 9.0 installed on Windows

Build Tools for Visual Studio 2022

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10)

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.13

Microsoft Visual Studio 2022 version 17.8

Visual Studio Code

ESU Family

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2012

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 R2 (Server Core installation)

Microsoft Dynamics Suite

Microsoft Dataverse

Microsoft Office Suite

Microsoft 365 Apps for Enterprise for 32-bit Systems

Microsoft 365 Apps for Enterprise for 64-bit Systems

Microsoft Excel 2016 (32-bit edition)

Microsoft Excel 2016 (64-bit edition)

Microsoft Office 2016 (32-bit edition)

Microsoft Office 2016 (64-bit edition)

Microsoft Office 2019 for 32-bit editions

Microsoft Office 2019 for 64-bit editions

Microsoft Office LTSC 2021 for 32-bit editions

Microsoft Office LTSC 2021 for 64-bit editions

Microsoft Office LTSC 2024 for 32-bit editions

Microsoft Office LTSC 2024 for 64-bit editions

Microsoft Office LTSC for Mac 2021

Microsoft Office LTSC for Mac 2024

Microsoft Office for Android

Microsoft Office for Universal

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

Microsoft SharePoint Server Subscription Edition

Office Online Server

System Center Suite

Microsoft Defender for Endpoint for Linux

Microsoft Defender for Identity

Windows 系列

Remote Desktop client for Windows Desktop

Windows 10 HLK Version 22H2

Windows 10 HLK version 20H2

Windows 10 HLK version 21H1

Windows 10 HLK version 21H2

Windows 10 Version 1607 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 11 HLK 22H2

Windows 11 HLK 24H2

Windows 11 Version 22H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 24H2 for x64-based Systems

Windows App Client for Windows Desktop

Windows HLK Version 1809

Windows HLK for Windows 10 version 2004

Windows HLK for Windows Server 2019

Windows HLK for Windows Server 2025

Windows Server 2016

Windows Server 2016 (Server Core installation)

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server 2022

Windows Server 2022 (Server Core installation)

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025

Windows Server 2025 (Server Core installation)

Resolved Vulnerabilities

5 vulnerabilities rated Critical and 66 rated Important were found.

Apps family

Critical-rated privilege escalation vulnerability in Microsoft PC Manager (CVE-2025-29975)

Azure family

Critical elevation of privilege vulnerability in Azure File Sync (CVE-2025-29973)

Critical elevation of privilege vulnerability in Azure (CVE-2025-30387)

Developer Tools suite

Critical spoofing vulnerability in .NET, Visual Studio, and Build Tools for Visual Studio (CVE-2025-26646)

Critical security feature bypass vulnerability in Visual Studio Code (CVE-2025-21264)

Critical remote code execution vulnerability in Visual Studio (CVE-2025-32702)

Critical information disclosure vulnerability in Visual Studio (CVE-2025-32703)

Microsoft Dynamics Suite

Critical elevation of privilege vulnerability in Microsoft Dataverse (CVE-2025-29826)

Microsoft Office Suite

Critical remote code execution vulnerabilities in Microsoft Office Excel (CVE-2025-29977, CVE-2025-30375, CVE-2025-30376, CVE-2025-30379, CVE-2025-30381, CVE-2025-30383, CVE-2025-30393, CVE-2025-32704, CVE-2025-29979)

Critical remote code execution vulnerability in Microsoft Office Outlook (CVE-2025-32705)

Critical remote code execution vulnerability in Microsoft Office PowerPoint (CVE-2025-29978)

Critical elevation of privilege vulnerability in Microsoft Office SharePoint (CVE-2025-29976)

Critical-grade remote code execution vulnerabilities in Microsoft Office SharePoint (CVE-2025-30378, CVE-2025-30382, CVE-2025-30384)

Critical-grade remote code execution vulnerabilities in Microsoft Office (CVE-2025-30377, CVE-2025-30386)

Critical-grade remote code execution vulnerability in Windows Win32K – GRFX (CVE-2025-30388)

System Center Suite

Critical elevation of privilege vulnerability in Microsoft Defender for Endpoint (CVE-2025-26684)

Critical spoofing vulnerability in Microsoft Defender for Identity (CVE-2025-26685)

Windows family

Critical-grade denial of service vulnerability in Active Directory Certificate Services (AD CS) (CVE-2025-29968)

Critical elevation of privilege vulnerability in Microsoft Brokering File System (CVE-2025-29970)

Critical remote code execution vulnerability in Microsoft Scripting Engine (CVE-2025-30397)

Critical remote code execution vulnerability in Remote Desktop Gateway Service (CVE-2025-29967)

Critical-grade denial of service vulnerability in Remote Desktop Gateway Service (CVE-2025-30394, CVE-2025-26677)

Critical remote code execution vulnerability in Remote Desktop Gateway Service (CVE-2025-29831)

Role: Critical Denial of Service Vulnerability in Windows Hyper-V (CVE-2025-29955)

Critical elevation of privilege vulnerability in Universal Print Management Service (CVE-2025-29841)

Critical security feature bypass vulnerability in UrlMon (CVE-2025-29842)

Critical Denial of Service Vulnerability in Web Threat Defense (WTD.sys) (CVE-2025-29971)

Critical elevation of privilege vulnerability in Windows Ancillary Function Driver for WinSock (CVE-2025-32709)

Critical elevation of privilege vulnerabilities in Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706, CVE-2025-30385)

Critical elevation of privilege vulnerability in Windows DWM (CVE-2025-30400)

Critical denial of service vulnerability in Windows Deployment Services (CVE-2025-29957)

Critical elevation of privilege vulnerability in Windows Drivers (CVE-2025-29838)

Critical information disclosure vulnerability in Windows File Server (CVE-2025-29839)

Critical remote code execution vulnerability in Windows Fundamentals (CVE-2025-29969)

Critical elevation of privilege vulnerability in Windows Hardware Lab Kit (CVE-2025-27488)

Critical information disclosure vulnerability in Windows Installer (CVE-2025-29837)

Critical elevation of privilege vulnerability in Windows Kernel (CVE-2025-24063)

Critical information disclosure vulnerability in the Windows Kernel (CVE-2025-29974)

Critical denial of service vulnerability in Windows LDAP – Lightweight Directory Access Protocol (CVE-2025-29954)

Critical remote code execution vulnerabilities in Windows Media (CVE-2025-29964, CVE-2025-29840, CVE-2025-29962, CVE-2025-29963)

Critical elevation of privilege vulnerability in Windows NTFS (CVE-2025-32707)

Critical remote code execution vulnerability in Windows Remote Desktop (CVE-2025-29966)

Critical information disclosure vulnerabilities in Windows Routing and Remote Access Service (RRAS) (CVE-2025-29959, CVE-2025-29960, CVE-2025-29830, CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29958, CVE-2025-29961)

Critical information disclosure vulnerability in Windows SMB (CVE-2025-29956)

Critical elevation of privilege vulnerability in Windows Secure Kernel Mode (CVE-2025-27468)

Critical information disclosure vulnerability in the Windows Trusted Runtime Interface Driver (CVE-2025-29829)

Critical remote code execution vulnerability in Windows Virtual Machine Bus (CVE-2025-29833)

Vulnerability Patches

The following product-specific vulnerability patches were made available in the May 13, 2025 Update Please use the Windows Update feature for automatic installation or refer to the URLs in the product information below to download and install.

.NET 8.0 installed on Linux versions

.NET 8.0 installed on Mac OS versions

.NET 8.0 installed on Windows versions

https://dotnet.microsoft.com/en-us/download/dotnet/8.0

.NET 9.0 installed on Linux version

.NET 9.0 installed on Mac OS versions

.NET 9.0 installed on Windows version

https://dotnet.microsoft.com/en-us/download/dotnet/9.0

Azure AI Document Intelligence Studio version

Azure File Sync v19.0 version

Azure File Sync v20.0 version

Build Tools for Visual Studio 2022 version

https://msrc.microsoft.com/update-guide/

Microsoft 365 Apps for Enterprise version

https://msrc.microsoft.com/update-guide/

Microsoft Dataverse version

Microsoft Defender for Endpoint for Linux version

https://msrc.microsoft.com/update-guide/

Microsoft Excel 2016 version

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002716

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002695

Microsoft Office 2016 version

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002717

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002711

Microsoft Office 2019 editions

Microsoft Office LTSC 2021 editions

Microsoft Office LTSC 2024 editions

https://msrc.microsoft.com/update-guide/

Microsoft Office LTSC for Mac 2021 version

Microsoft Office LTSC for Mac 2024 version

Microsoft Office for Android editions

Microsoft Office for Universal editions

Microsoft PC Manager editions

https://msrc.microsoft.com/update-guide/

Microsoft SharePoint Enterprise Server 2016 editions

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002722

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002712

Microsoft SharePoint Server 2019 version

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002708

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002706

Microsoft SharePoint Server Subscription Edition version

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002709

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 – 15.8) version

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 – 16.10) version

Microsoft Visual Studio 2022 version 17.10

Microsoft Visual Studio 2022 version 17.12

Microsoft Visual Studio 2022 version 17.13

Microsoft Visual Studio 2022 version 17.8

https://msrc.microsoft.com/update-guide/

Office Online Server version

https://www.catalog.update.microsoft.com/Search.aspx?q=KB5002707

Remote Desktop client for Windows Desktop version

Visual Studio Code version

https://msrc.microsoft.com/update-guide/

Windows 10 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058387

Windows 10 HLK Version 22H2 Version

Windows 10 HLK version 20H2

Windows 10 HLK version 21H1

Windows 10 HLK version 21H2

https://msrc.microsoft.com/update-guide/

Windows 10 Version 1607 Version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383

Windows 10 Version 1809

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392

Windows 10 Version 21H2

Windows 10 Version 22H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058379

Windows 11 HLK Version 22H2

Windows 11 HLK 24H2 Version

https://msrc.microsoft.com/update-guide/

Windows 11 Version 22H2

Windows 11 Version 23H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405

Windows 11 Version 24H2

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497

Windows App Client for Windows Desktop Version

Windows HLK Version 1809 Version

Windows HLK for Windows 10 version 2004 Version

Windows HLK for Windows Server 2019 version

Windows HLK for Windows Server 2022 version

Windows HLK for Windows Server 2025 version

https://msrc.microsoft.com/update-guide/

Windows Server 2008 R2 Service Pack 1 version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058430

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058454

Windows Server 2008 Service Pack 2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058449

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058429

Windows Server 2012 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058451

Windows Server 2012 R2 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058403

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058380

Windows Server 2016 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058383

Windows Server 2019 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058392

Windows Server 2022 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058385

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058500

Windows Server 2022, 23H2 Edition version

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058384

Windows Server 2025 editions

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058497

MS Family May 2025 Routine Security Update Advisory

Overview

Affected Products

Apps family

Azure Family

Developer Tools suite

ESU Family

Microsoft Dynamics Suite

Microsoft Office Suite

System Center Suite

Windows 系列

Resolved Vulnerabilities

Apps family

Azure family

Developer Tools suite

Microsoft Dynamics Suite

Microsoft Office Suite

System Center Suite

Windows family

Vulnerability Patches

F5 Product Update Advisory (CVE-2025-31644)

ManageEngine (ADAudit Plus, ADSelfService Plus) Family May 2025 Security Update Advisory

Overview

Affected Products

Apps family

Azure Family

Developer Tools suite

ESU Family

Microsoft Dynamics Suite

Microsoft Office Suite

System Center Suite

Windows 系列

Resolved Vulnerabilities

Apps family

Azure family

Developer Tools suite

Microsoft Dynamics Suite

Microsoft Office Suite

System Center Suite

Windows family

Vulnerability Patches

Tags:

F5 Product Update Advisory (CVE-2025-31644)

ManageEngine (ADAudit Plus, ADSelfService Plus) Family May 2025 Security Update Advisory