Aggiornamenti Mensili Microsoft (AL01/250514/CSIRT-ITA)

Data:
14 Maggio 2025 09:00

Impatto Sistemico

Critico (76.66)

Sintesi

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 71 nuove vulnerabilità, 7 di tipo 0-day.

Note : il vendor afferma che le CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709, CVE-2025-30397 risultano essere sfruttate attivamente in rete.

Note : il verndor afferma che dei Proof of Concept (PoC) per lo sfruttamento delle CVE-2025-26685 e CVE-2025-32702 risultano disponibili in rete.

Tipologia

Remote Code Execution
Denial of Service
Elevation of Privilege
Spoofing
Security Feature Bypass
Information Disclosure

Prodotti e versioni affette

.NET, Visual Studio, and Build Tools for Visual Studio
Active Directory Certificate Services (AD CS)
Azure
Azure Automation
Azure DevOps
Azure File Sync
Azure Storage Resource Provider
Microsoft Brokering File System
Microsoft Dataverse
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Edge (Chromium-based)
Microsoft Office
Microsoft Office Excel
Microsoft Office Outlook
Microsoft Office PowerPoint
Microsoft Office SharePoint
Microsoft PC Manager
Microsoft Power Apps
Microsoft Scripting Engine
Remote Desktop Gateway Service
Role: Windows Hyper-V
Universal Print Management Service
UrlMon
Visual Studio
Visual Studio Code
Web Threat Defense (WTD.sys)
Windows Ancillary Function Driver for WinSock
Windows Common Log File System Driver
Windows Deployment Services
Windows Drivers
Windows DWM
Windows File Server
Windows Fundamentals
Windows Hardware Lab Kit
Windows Installer
Windows Kernel
Windows LDAP – Lightweight Directory Access Protocol
Windows Media
Windows NTFS
Windows Remote Desktop
Windows Routing and Remote Access Service (RRAS)
Windows Secure Kernel Mode
Windows SMB
Windows Trusted Runtime Interface Driver
Windows Virtual Machine Bus
Windows Win32K – GRFX

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di procedere all’aggiornamento dei prodotti impattati attraverso l’apposita funzione di Windows Update.

Riferimenti

CVE

CVE-ID
CVE-2025-21264	CVE-2025-24063	CVE-2025-26646	CVE-2025-26677
CVE-2025-26684	CVE-2025-26685	CVE-2025-27468	CVE-2025-27488
CVE-2025-29826	CVE-2025-29829	CVE-2025-29830	CVE-2025-29831
CVE-2025-29832	CVE-2025-29833	CVE-2025-29835	CVE-2025-29836
CVE-2025-29837	CVE-2025-29838	CVE-2025-29839	CVE-2025-29840
CVE-2025-29841	CVE-2025-29842	CVE-2025-29954	CVE-2025-29955
CVE-2025-29956	CVE-2025-29957	CVE-2025-29958	CVE-2025-29959
CVE-2025-29960	CVE-2025-29961	CVE-2025-29962	CVE-2025-29963
CVE-2025-29964	CVE-2025-29966	CVE-2025-29967	CVE-2025-29968
CVE-2025-29969	CVE-2025-29970	CVE-2025-29971	CVE-2025-29973
CVE-2025-29974	CVE-2025-29975	CVE-2025-29976	CVE-2025-29977
CVE-2025-29978	CVE-2025-29979	CVE-2025-30375	CVE-2025-30376
CVE-2025-30377	CVE-2025-30378	CVE-2025-30379	CVE-2025-30381
CVE-2025-30382	CVE-2025-30383	CVE-2025-30384	CVE-2025-30385
CVE-2025-30386	CVE-2025-30387	CVE-2025-30388	CVE-2025-30393
CVE-2025-30394	CVE-2025-30397	CVE-2025-30400	CVE-2025-32701
CVE-2025-32702	CVE-2025-32703	CVE-2025-32704	CVE-2025-32705
CVE-2025-32706	CVE-2025-32707	CVE-2025-32709

Change log

Versione	Note	Data
1.0	Pubblicato il 14-05-2025	14/05/2025

Il presente articolo è un prodotto originale di csirt.gov.it, riproposto qui a solo scopo di aumentarne la visibilità. Può essere visualizzato in versione originale al seguente link

CSIRT Toscana

CSIRT Toscana