CVE-2025-29971
Published 2025-05-13
CVE-2025-29971: Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
Priority: P3 58 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 56.98% (98.9th percentile)
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.5335 | 10.0.22621.5335 |
| microsoft | windows_11_23h2 | < 10.0.22631.5335 | 10.0.22631.5335 |
| microsoft | windows_11_24h2 | < 10.0.26100.4061 | 10.0.26100.4061 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.5335 | 10.0.22621.5335 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.5335 | 10.0.22631.5335 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.5335 | 10.0.22631.5335 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.4061 | 10.0.26100.4061 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
Detection & IOCs
- Target component is WTD.sys (Web Threat Defense kernel driver); monitor for crashes or unexpected behavior in this driver as a DoS indicator
- Exploitation vector is network-based and unauthenticated; monitor for anomalous inbound network traffic triggering WTD.sys faults or system instability
- Microsoft rates this as 'Exploitation More Likely'; prioritize detection and patching of systems running Web Threat Defense (WTD.sys)
- Customer action is required to remediate; patches are available via KB5058405, KB5058411, and KB5061258
- As of publication, the vulnerability has not been publicly disclosed or exploited in the wild, but exploitation is rated 'More Likely' for the latest software release
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vendor_msrc · 7.5 HIGH
GHSA
GHSA-57q8-vxgg-mfqw: Out-of-bounds read in Web Threat Defense (WTD
ghsa_unreviewed·2025-05-13
CVE-2025-29971 [HIGH] CWE-125 GHSA-57q8-vxgg-mfqw: Out-of-bounds read in Web Threat Defense (WTD
Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
Microsoft
Web Threat Defense (WTD.sys) Denial of Service Vulnerability
vendor_msrc·2025-05-13·CVSS 7.5
CVE-2025-29971 [HIGH] CWE-125 Web Threat Defense (WTD.sys) Denial of Service Vulnerability
Description: Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058405
Reference: https://support.microsoft.com/help/5058405
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5058411
Reference: https://support.microsoft.com/help/5058411
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5061258
Reference: http
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, May 2025 Security Update Review
blogs_qualys·2025-05-13
## Table of Contents
- Microsoft Patch Tuesday for May 2025
- Adobe Patches for May 2025
- Zero-day Vulnerabilities Patched in May Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in May Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Audit
- Qualys Monthly Webinar Series
Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here’s a quick breakdown of what you need to know.
## Microsoft Patch Tuesday for May 2025
In this month’s Patch Tuesday, Ma
Talos
Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities
blogs_talos·2025-05-13·CVSS 8.8
CVE-2025-30397 [HIGH] Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.
Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code execution vulnerability in the Microsoft Scripting Engine. There were also four elevation of privilege vulnerabilities being actively exploited, CVE-2025-32709, CVE-2025-30400, CVE-2025-32701 and CVE-2025-32706 affecting the Ancillary Function Driver for WinSock, the DWM Core Library and the Windows Common Log File System Driver.
The eleven “critical” entries consist of five remote code execution (RCE) vulnerabilities, four elevation of privilege vulnerabilities, one information disclosure
Bleepingcomputer
Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws
blogs_bleepingcomputer·2025-05-13·CVSS 7.8
[HIGH] Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws
## Lawrence Abrams
Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities.
This Patch Tuesday also fixes six "Critical" vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug.
The number of bugs in each vulnerability category is listed below:
- 17 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 28 Remote Code Execution Vulnerabilities
- 15 Information Disclosure Vulnerabilities
- 7 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This count does not include Azure, Dataverse, Mariner, and Microsof
Published: 2025-05-13