*Important note: These are not the only vulnerabilities that were recently released; however, these are the vulnerabilities RedLegg has identified as critical and require immediate attention.

VULNERABILITIES

Microsoft Scripting Engine Memory Corruption Vulnerability 

CVSS Score: 7.5 (High)
Identifier: CVE-2025-30397
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-30397 – Microsoft Security Advisory 

Description: CVE-2025-30397 is a memory corruption vulnerability in the Microsoft Scripting Engine. The flaw arises from improper handling of objects in memory, leading to a type of confusion condition. An unauthenticated attacker can exploit this vulnerability by convincing a user to open a specially crafted website or email, leading to remote code execution in the context of the current user. This vulnerability has been actively exploited in the wild, making it a significant security concern.

Mitigation Recommendation: Microsoft has released security updates to address this vulnerability as part of the May 2025 Patch Tuesday. Administrators are strongly advised to apply these updates immediately. If immediate patching is not feasible, it is recommended to disable Internet Explorer 11 as a standalone browser using administrative templates in Group Policy, begin migration planning if business-critical applications still require IE mode, and educate users on phishing awareness and training.

Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-30400
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-30400 – Microsoft Security Advisory

Description: CVE-2025-30400 is a high-severity elevation of privilege vulnerability in the Windows Desktop Window Manager (DWM) Core Library. The flaw arises from a use-after-free condition that allows a local attacker with limited privileges to execute arbitrary code with SYSTEM-level access. This vulnerability has been actively exploited in the wild, making it a significant security concern.

Mitigation Recommendation: Microsoft has released security updates to address this vulnerability as part of the May 2025 Patch Tuesday. Administrators are strongly advised to apply these updates immediately. If immediate patching is not feasible, it is recommended to implement additional security measures such as restricting access to vulnerable systems and monitoring for unusual activity.

Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-32701
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-32701 – Microsoft Security Advisory 

Description: CVE-2025-32701 is a high-severity elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver. The flaw arises from a use-after-free condition that allows a local attacker with limited privileges to execute arbitrary code with SYSTEM-level access. This vulnerability has been actively exploited in the wild, making it a significant security concern.

Mitigation Recommendation: Microsoft has released security updates to address this vulnerability as part of the May 2025 Patch Tuesday. Administrators are strongly advised to apply these updates immediately. If immediate patching is not feasible, it is recommended to implement additional security measures such as restricting access to vulnerable systems and monitoring for unusual activity.

Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-32706
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-32706 – Microsoft Security Advisory

Description: CVE-2025-32706 is a high-severity elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver. The flaw arises from improper input validation, allowing an authenticated local attacker to execute arbitrary code with SYSTEM-level privileges. This vulnerability has been actively exploited in the wild, making it a significant security concern.

Mitigation Recommendation: Microsoft has released security updates to address this vulnerability as part of the May 2025 Patch Tuesday. Administrators are strongly advised to apply these updates immediately. If immediate patching is not feasible, it is recommended to implement additional security measures such as restricting access to vulnerable systems and monitoring for unusual activity.

Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVSS Score: 7.8 (High)
Identifier: CVE-2025-32709
Exploit or POC: Yes – Actively exploited in the wild
Update: CVE-2025-32709 – Microsoft Security Advisory 

Description: CVE-2025-32709 is a high-severity vulnerability in the Windows Ancillary Function Driver (AFD) for WinSock. The flaw arises from a use-after-free condition, allowing an authenticated local attacker to execute arbitrary code with SYSTEM-level privileges. This vulnerability has been actively exploited in the wild, making it a significant security concern.

Mitigation Recommendation: Microsoft has released security updates to address this vulnerability as part of the May 2025 Patch Tuesday. Administrators are strongly advised to apply these updates immediately. If immediate patching is not feasible, it is recommended to implement additional security measures such as restricting access to vulnerable systems and monitoring for unusual activity.

Note: Given the active exploitation of this vulnerability, prompt action is essential to secure affected systems. Regularly reviewing and applying security updates is vital to maintaining the integrity and security of your infrastructure.