In a move to bolster digital defenses, Microsoft has rolled out a series of software updates targeting at least 70 vulnerabilities across its Windows operating systems and related products. This release includes patches for five zero-day flaws that are currently under active exploitation, heightening the urgency for users to update their systems. Additionally, the update addresses two other weaknesses for which proof-of-concept exploits are publicly available, further emphasizing the need for immediate action.

Microsoft, along with several cybersecurity firms, has revealed that malicious actors are actively exploiting vulnerabilities within the Windows Common Log File System (CLFS) driver. These bugs enable attackers to escalate their privileges on affected devices. The Windows CLFS is a crucial component responsible for logging services,widely utilized by both Windows system services and third-party applications. The vulnerabilities, identified as CVE-2025-32701 and CVE-2025-32706, impact all supported versions of Windows 10 and 11, and also their server counterparts.

According to Breen, senior director of threat research at Immersive Labs, privilege escalation bugs typically require an attacker to have initial access to a compromised system, often achieved through phishing or stolen credentials. Once this access is established, attackers can leverage these vulnerabilities to gain control of the powerful Windows SYSTEM account. This level of access allows them to disable security tools or even obtain domain administration privileges through credential harvesting techniques.

“The patch notes don’t provide technical details on how this is being exploited, and no Indicators of Compromise (IOCs) are shared, meaning the only mitigation security teams have is to apply these patches immediately,” he said. “The average time from public disclosure to exploitation at scale is less than five days, with threat actors, ransomware groups, and affiliates fast to leverage these vulnerabilities.”

Additional Zero-Day Vulnerabilities Addressed

In addition to the CLFS driver flaws, Microsoft has also addressed two other zero-day vulnerabilities related to elevation of privilege. The first,CVE-2025-32709, affects afd.sys, the Windows Ancillary Function driver responsible for enabling Windows applications to connect to the Internet. The second, CVE-2025-30400, is a weakness within the Desktop Window Manager (DWM) library for Windows. Adam Barnett at Rapid7 points out that this patch arrives almost exactly one year after the disclosure of CVE-2024-30051, a previous zero-day elevation of privilege vulnerability in the same DWM component.

“The average time from public disclosure to exploitation at scale is less than five days.”

The fifth zero-day vulnerability patched in this update is CVE-2025-30397,a flaw in the Microsoft Scripting Engine,a core component utilized by Internet Explorer and Internet Explorer mode in Microsoft Edge.

Windows 11 Update Includes AI Features, Privacy Concerns

Chris Goettl at Ivant notes that the updates for Windows 11 and Server 2025 incorporate new AI features, resulting in a meaningful update size of approximately 4 gigabytes. These features include the controversial recall function, which continuously captures screenshots of user activity on Windows Copilot-enabled devices.

Microsoft has revised the Recall feature following criticism from security experts who warned of its potential as a target for attackers. While Microsoft has implemented measures to prevent Recall from capturing sensitive financial facts, privacy and security concerns persist. Kevin Beaumont has published a detailed analysis of Microsoft’s updates to Recall.

Furthermore, Windows 11 version 24H2 is now readily available for download, even for users who may not want it, according to reports.

“It will now show up for ‘download and install’ automatically if you go to Settings > Windows update and click Check for updates,but only when your device does not have a compatibility hold,” the publication reported. “Even if you don’t check for updates, Windows 11 24H2 will automatically download at some point.”

Apple Releases Security Updates for iOS, macOS, and More

Apple users are also urged to apply the latest security patches. On May 12, Apple released updates addressing at least 30 vulnerabilities in iOS and iPadOS (version 18.5). TechCrunch reports that iOS 18.5 expands emergency satellite capabilities to iPhone 13 models,previously exclusive to iPhone 14 and later.

Apple has also released updates for macOS Sequoia, Sonoma macOS, Ventura macOS, WatchOS, tvOS, and visionOS.The company stated that there is no evidence of active exploitation for any of the vulnerabilities addressed in these updates.

As always, users are advised to back up their devices and critically important data before initiating any updates.