Citing legacy system risks and prioritization needs, cybersecurity firms are stressing urgent patching for five of 71 exploited Microsoft vulnerabilities.
The latest Patch Tuesday fixes have drawn swift, unified attention from cybersecurity experts, with all major firms urging immediate action on five actively exploited zero-day vulnerabilities.
While Microsoft has rated these flaws as “Important,” not “Critical,” industry consensus is that organizations should treat them as top-priority threats due to confirmed “in-the-wild” attacks.
Firms such as Ivanti, Rapid7, Tenable and Trend Micro have all spoken up to highlight the urgency of patching, but their analyses reveal important nuances for IT teams. For example, CVE-2025-30397 — a scripting engine remote code execution bug — requires Microsoft Edge in Internet Explorer mode and user interaction to exploit. As a Rapid7 spokesperson has pointed out, the risk rises sharply for enterprises that still rely on legacy IE compatibility, making asset inventory and policy review essential.
Trend Micro researchers have noted that, while the technical prerequisites limit mass exploitation, the presence of legacy workflows in many organizations keeps this threat relevant.
According to Tenable’s Senior Staff Research Engineer, Satnam Narang, “Despite clear exploitation in the wild, we’re not likely to see broad exploitation of this bug due to the number of pre-requisites. We haven’t seen very many scripting engine flaws over the last three years. However, in August 2024, another scripting engine memory corruption zero-day, CVE-2024-38178, was reported as exploited in the wild by researchers as well as the National Cyber Security Center (NCSC), Republic of Korea. It’s unclear if this is related to follow-on attacks.”
A commentary by Ivanti has gone further, stating their risk model would elevate all five zero-days to “Critical,” regardless of Microsoft’s official ratings. They advise prioritizing patch deployment on endpoints with exposure to the vulnerable components and leveraging automation for rapid rollout.
Another recurring theme in May 2025’s fixes is the continued targeting of elevation of privilege bugs in components such as the Desktop Window Manager and Common Log File System drivers. Experts emphasize the pattern of repeated exploitation in these areas, urging organizations to maintain vigilance even after patching.