It’s the second Tuesday of the month, and the final patch Tuesday before Pwn2Own Berlin. I know several contestants are sweating it out and hoping their entries are patched out. While they quiver with anticipation, take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our
YouTube channel. It should be posted within a couple of hours after the release.
Adobe Patches for May 2025
As of 1:30PM Central time, Adobe has not released its patches for May. This blog will be updated once they do.
Microsoft Patches for May 2025
This month, Microsoft released a reasonable 75 new CVEs in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Nuance PowerScribe, Remote Desktop Gateway Service, and Microsoft Defender. Three of these bugs were reported through the Trend ZDI program. With the additional third-party CVEs being documented, it brings the combined total to 82 CVEs.
Of the patches released today, 12 are rated Critical, and the rest are rated Important in severity. This number of fixes isn’t unusual for May, but it does put Microsoft ahead of where they were at this point last year in regards to CVEs released. It’s also unusual to see so many Office-related bugs getting patched in a single month. Perhaps this is a harbinger of attacks we can expect to see later this year.
Microsoft lists five bugs as being under active attack at the time of release, with two others being publicly known.
