Microsoft's Patch Tuesday Update Targets 120 Security Flaws

Microsoft's Patch Tuesday Update Targets 120 Security Flaws

Briefly

"Microsoft's May Patch Tuesday is a large one, even without a zero-day fire drill. The company patched 120 vulnerabilities across Windows and other Microsoft products, including 31 remote code execution flaws and 61 privilege escalation flaws. Microsoft did not list any of the vulnerabilities as actively exploited at the time of release, but IT teams should still treat the update as a priority."

"That matters because attackers often move quickly after patches land, using the fixes themselves as a map to build working exploits against unpatched systems. Details of May's Patch Tuesday Microsoft released both security and feature updates for Windows 11 versions 24H2/25H2 (KB5089549) and 23H2 (KB5087420), while eligible Windows 10 devices received only security updates."

"In general, Microsoft's May cumulative updates include a mix of security patches, reliability improvements, and user-facing changes. Among the additions are File Explorer improvements, expanded archive format support, voice typing refinements, and the emergence of Xbox Mode on Desktops for gaming-focused experiences on Windows PCs. The Windows 10 update focused on Remote Desktop warnings, Secure Boot, and a Daylight Saving Time update for users in Egypt."

"Microsoft also says the update improves startup app performance and haptic feedback support for compatible pen accessories. Alongside these feature changes, the company patched 120 security flaws, organized into the following broader vulnerability types: Privilege Elevation Flaws (61) and Remote Code Execution, or RCEs (31). Successful exploitation of this vulnerability will allow an attacker to execute malicious activities as admin, further increasing the exploit's scope."