Table of Contents
- Are You Missing These Vital May 2025 Microsoft Office and SharePoint Security Fixes?
- Key Highlights from the May 2025 Office Updates
- Security Patches for Office 2016 (MSI-based Installations)
- Click-to-Run (C2R) Office Updates
- Additional Notes and User Feedback
- How to Apply the Updates
- Summary of Action Steps
- Benefits of Immediate Update
Microsoft released a comprehensive set of security updates for Microsoft Office products on May 13, 2025, targeting multiple vulnerabilities and enhancing the security posture for businesses and end users.
Key Highlights from the May 2025 Office Updates
Security Patches for Office 2016 (MSI-based Installations)
- KB5002717: Addresses multiple remote code execution (RCE) vulnerabilities in Excel 2016, including CVE-2025-29977, CVE-2025-29979, CVE-2025-30375, CVE-2025-30376, CVE-2025-30379, CVE-2025-30381, and CVE-2025-30383.
- KB5002695: Resolves an RCE vulnerability (CVE-2025-32704) in Office 2016.
- KB5002711: Fixes RCE vulnerabilities CVE-2025-30377 and CVE-2025-30386 in Office 2016.
- KB5002716: Patches another RCE vulnerability (CVE-2025-30379) in Office 2016.
- These updates are available for MSI-based installations only. Click-to-Run (C2R) versions, such as Office 365, receive updates through different channels.
Click-to-Run (C2R) Office Updates
- Updates are automatically delivered for Office 2016, 2019, 2021, 2024, and 365 through the Office Update feature.
- Notable builds released for various channels:
- Current Channel: Version 2504 (Build 18730.20168)
- Monthly Enterprise Channel: Versions 2501–2503
- Semi-Annual Enterprise Channel: Versions 2402, 2408, and 2502
- Office LTSC and Retail versions also updated to the latest builds.
- SharePoint and Office Online Server Updates:
- SharePoint Server Subscription Edition: KB5002709
- SharePoint Server 2019: KB5002708 (core) and KB5002706 (language pack)
- SharePoint Server 2016: KB5002722 (core) and KB5002712 (language pack)
- Office Online Server: KB5002707.
Additional Notes and User Feedback
The May 2025 update cycle addressed 72 vulnerabilities, including five actively exploited zero-days and six critical flaws, most of which were remote code execution risks.
A previously reported CPU spike issue in Outlook 365 while typing has been resolved with these updates.
Some users have reported ongoing issues inserting pictograms/icons in Office 2019 and 2021, with only a white window appearing. Microsoft may have disabled the icon servers, and a definitive fix is yet to be confirmed.
How to Apply the Updates
- For MSI-based Office 2016, updates can be installed via Microsoft Update, the Update Catalog, or the Microsoft Download Center. Automatic updates are recommended for timely protection.
- C2R versions update automatically through the Office Update feature.
- SharePoint and Office Online Server updates are cumulative; only the latest update needs to be installed to ensure all previous fixes are applied.
Summary of Action Steps
- Ensure all Office installations (MSI and C2R) are updated to the latest versions.
- For SharePoint and Office Online Server, apply the latest cumulative update for full protection.
- Verify that automatic updates are enabled for ongoing security.
Benefits of Immediate Update
- Protects against actively exploited vulnerabilities and critical remote code execution flaws.
- Ensures compliance with security best practices for business and personal use.
- Reduces risk of data breaches and system compromise.
Stay proactive by regularly checking for new updates and monitoring official Microsoft channels for issue resolutions and further improvements.