Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review

Microsoft’s May 2025 Patch Tuesday addresses 76 vulnerabilities across Windows, Office and related products (including five critical RCEs and five zero-days observed in the wild), while Adobe released advisories for 40 vulnerabilities (32 critical). The bulletin lists key CVEs (with several added to CISA’s Known Exploited Vulnerabilities Catalog), impacted components (DWM, CLFS, AFD, scripting engines, VMBus, RDP, Office, etc.), recommended patching timelines, and provides Qualys QQL queries and mitigation/control guidance to detect and remediate affected hosts.