Microsoft’s May Patch Tuesday Fixes Five Zero-days
On May 14 Microsoft shipped patches for 72 CVEs, including five flaws already under active attack, two giving instant SYSTEM privileges via the Windows kernel. Ransomware crews chained the CLFS bug with commodity loaders within 48 hours, so admins were urged to patch immediately. CrowdStrike and ZDI praised the rapid fixes but warned that unpatched endpoints remain low-hanging fruit.
How to protect your organization:
- Automate deployment of security updates across all endpoints.
- Use browser isolation to prevent privilege escalation from web-based exploits.
- Monitor for abnormal behaviors indicating exploitation attempts.
Why it matters:
Automating patch management and using certificate-based authentication helps ensure only trusted users and devices can access critical systems, even if vulnerabilities are present.
AVCheck Crimeware Service Seized
From May 27–30, the FBI, Dutch police, and U.S. DoJ shut down AVCheck and three associated crypting sites used by criminals to test malware against antivirus tools. Seizure banners now replace the sites, and authorities obtained user data linking the platforms to ransomware groups. They expect follow-up arrests, though researchers warn copycats will likely emerge soon.
How to protect your organization:
- Monitor for unusual outbound traffic and repeated scans.
- Block unapproved or unsigned software from running on endpoints.
- Use static application security testing during development to catch vulnerabilities early.
Why it matters:
Digitally signing your software with SSL.com’s EV Code Signing Certificates ensures your applications are trusted and tamper-proof, helping prevent malware distribution and boosting user confidence.
Build Trust with Every Download
Coca-Cola Middle East Hit by Everest Ransomware
Between May 22–27, the Everest gang leaked a 500MB archive with HR records of ~1,000 Coca-Cola employees after a $20M ransom demand was ignored. Data includes passport scans, salaries, and admin lists, now circulating on dark-web forums, fueling identity theft concerns. Coca-Cola and bottler CCEP are running separate probes into possible broader fallout.
How to protect your organization:
- Restrict admin-level access to validated users only.
- Use user behavior analytics to detect unusual access, especially in HR and IT.
- Store sensitive documents in secure, access-controlled environments.
Why it matters:
SSL.com’s Client Authentication Certificates require certificate-based identity verification for system access, reducing the risk of impersonation and phishing.
Authenticate Users. Block Intrusions.
Adidas Discloses Customer Data Breach
On May 23, Adidas disclosed a breach at a third-party customer-service vendor, exposing consumer data like contact info and order numbers (no payment data). The company isolated systems, launched forensics, and notified regulators within 72 hours. The incident ends a tough month for retail, following earlier cyberattacks on Marks & Spencer and Victoria’s Secret.
How to protect your organization:
- Require identity verification for all vendor-facing systems.
- Oversee and restrict access to sensitive records managed by external teams.
- Monitor for abnormal access requests from third-party accounts.
Why it matters:
Client Authentication Certificates help ensure only authorized users—internal or external—can access sensitive data, mitigating third-party risk.
Secure Vendor Access with Confidence
Marks & Spencer Counts the Cost of Easter Cyber-attack
Marks & Spencer said on May 21 that the Easter supply chain cyberattack will cut annual profit by £300M ($403M). Stores and e-commerce were crippled; staff still order manually, online shopping and loyalty perks remain offline, and some food items are scarce. Analysts say the attack shows how a single compromised vendor can hobble a major retailer for months.
How to protect your organization:
- Isolate and monitor third-party access to critical systems.
- Segment networks to protect payment and customer data.
- Deploy endpoint detection tools for rapid incident response.
Why it matters:
Strict access controls and certificate-based authentication for third parties help protect business continuity and customer trust during supply chain disruptions.
Updates & Announcements
CA/Browser Forum (CABF) Developments & Reminders:- S/MIME Developments: Ballot SMC011 proposes allowing European Unique Identifiers (EUID) for EU/EEA organization validation.
- Key deadlines: CAA checking (mandatory since March 15), MPIC validation (May 15), and Legacy profile deprecation (July 15).
- SSL/TLS Validity: The trend toward shorter certificate lifespans continues, reinforcing the importance of automation for certificate management.
- Starting September 15, 2025, SSL.com will issue TLS server certificates without the Client Authentication EKU aligning with Google Chrome’s Root Program Policy. Review our guide to prepare.
