Cybersecurity News

Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched

Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has been publicly disclosed. The June 2025 security release represents a significant update, featuring 10 critical […] The post Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched appeared first on Cyber Security News.

Jun 10, 2025 - 22:40
 0
Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched

Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has been publicly disclosed.

The June 2025 security release represents a significant update, featuring 10 critical vulnerabilities that require immediate attention from IT administrators worldwide.

The June 2025 Patch Tuesday addresses vulnerabilities across multiple categories:

  • 25 Remote Code Execution vulnerabilities
  • 13 Elevation of Privilege vulnerabilities
  • 17 Information Disclosure vulnerabilities
  • 6 Denial of Service vulnerabilities
  • 3 Security Feature Bypass vulnerabilities
  • 2 Spoofing vulnerabilities

Zero-Day Vulnerability Under Attack

The most concerning vulnerability in this month’s release is CVE-2025-33053, a remote code execution flaw in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) service.

Security researchers from Check Point Research discovered this vulnerability being actively exploited by the Stealth Falcon advanced persistent threat (APT) group in targeted attacks against defense organizations.

The WebDAV vulnerability allows remote attackers to execute arbitrary code on affected systems when users click on specially crafted WebDAV URLs.

Check Point’s investigation revealed that Stealth Falcon used malicious .url files to exploit this zero-day, manipulating the working directory of legitimate Windows tools to execute malware from actor-controlled WebDAV servers.

A second zero-day vulnerability, CVE-2025-33073, was not actively exploited, yet it affects Windows SMB Client and enables elevation of privilege attacks over networks. This publicly disclosed flaw allows authorized attackers to gain SYSTEM privileges by executing specially crafted scripts that coerce victim machines to authenticate via SMB.

German security firm RedTeam Pentesting originally discovered this vulnerability, with warnings circulating through DFN-CERT before Microsoft’s official patch.

Microsoft Office applications received significant attention with multiple critical remote code execution fixes, including heap-based buffer overflow vulnerabilities that could enable local code execution without user interaction. SharePoint Server also received critical patches for remote code execution flaws that could compromise enterprise collaboration environments.

Several core Windows components received critical security updates, including the Windows KDC Proxy Service (KPSSVC) which had a use-after-free vulnerability enabling network-based code execution.

The Windows Netlogon service received a critical elevation of privilege fix, while Windows Remote Desktop Services addressed a critical remote code execution vulnerability.

The Schannel component, responsible for secure communications, received a critical remote code execution patch affecting Windows cryptographic services. These fixes are particularly important for organizations running Windows Server environments and remote access solutions.

Security experts recommend prioritizing the installation of these updates, especially for the two zero-day vulnerabilities. The WebDAV zero-day (CVE-2025-33053) poses an immediate risk to organizations with internet-facing systems, while the SMB vulnerability (CVE-2025-33073) threatens internal network security.

Microsoft Patch Tuesday June 2025 List

TagCVE IDCVE TitleSeverity
Microsoft OfficeCVE-2025-47164Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-47167Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-47162Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2025-47953Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office SharePointCVE-2025-47172Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
Windows Cryptographic ServicesCVE-2025-29828Windows Schannel Remote Code Execution VulnerabilityCritical
Windows KDC Proxy Service (KPSSVC)CVE-2025-33071Windows KDC Proxy Service (KPSSVC) Remote Code Execution VulnerabilityCritical
Windows NetlogonCVE-2025-33070Windows Netlogon Elevation of Privilege VulnerabilityCritical
Windows Remote Desktop ServicesCVE-2025-32710Windows Remote Desktop Services Remote Code Execution VulnerabilityCritical
.NET and Visual StudioCVE-2025-30399.NET and Visual Studio Remote Code Execution VulnerabilityImportant
App Control for Business (WDAC)CVE-2025-33069Windows App Control for Business Security Feature Bypass VulnerabilityImportant
Microsoft AutoUpdate (MAU)CVE-2025-47968Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityImportant
Microsoft Local Security Authority Server (lsasrv)CVE-2025-33056Windows Local Security Authority (LSA) Denial of Service VulnerabilityImportant
Microsoft OfficeCVE-2025-47173Microsoft Office Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-47165Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office ExcelCVE-2025-47174Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2025-47171Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office OutlookCVE-2025-47176Microsoft Outlook Remote Code Execution VulnerabilityImportant
Microsoft Office PowerPointCVE-2025-47175Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-47166Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2025-47163Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-47170Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-47957Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-47169Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2025-47168Microsoft Word Remote Code Execution VulnerabilityImportant
Nuance Digital Engagement PlatformCVE-2025-47977Nuance Digital Engagement Platform Spoofing VulnerabilityImportant
Remote Desktop ClientCVE-2025-32715Remote Desktop Protocol Client Information Disclosure VulnerabilityImportant
Visual StudioCVE-2025-47959Visual Studio Remote Code Execution VulnerabilityImportant
WebDAVCVE-2025-33053Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution VulnerabilityImportant
Windows Common Log File System DriverCVE-2025-32713Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows DHCP ServerCVE-2025-33050DHCP Server Service Denial of Service VulnerabilityImportant
Windows DHCP ServerCVE-2025-32725DHCP Server Service Denial of Service VulnerabilityImportant
Windows DWM Core LibraryCVE-2025-33052Windows DWM Core Library Information Disclosure VulnerabilityImportant
Windows HelloCVE-2025-47969Windows Virtualization-Based Security (VBS) Information Disclosure VulnerabilityImportant
Windows InstallerCVE-2025-33075Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2025-32714Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2025-33067Windows Task Scheduler Elevation of Privilege VulnerabilityImportant
Windows Local Security Authority (LSA)CVE-2025-33057Windows Local Security Authority (LSA) Denial of Service VulnerabilityImportant
Windows Local Security Authority Subsystem Service (LSASS)CVE-2025-32724Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityImportant
Windows MediaCVE-2025-32716Windows Media Elevation of Privilege VulnerabilityImportant
Windows Recovery DriverCVE-2025-32721Windows Recovery Driver Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2025-47955Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-33064Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows Routing and Remote Access Service (RRAS)CVE-2025-33066Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityImportant
Windows SDKCVE-2025-47962Windows SDK Elevation of Privilege VulnerabilityImportant
Windows Secure BootCVE-2025-3052Cert CC: CVE-2025-3052 InsydeH2O Secure Secure Boot BypassImportant
Windows Security AppCVE-2025-47956Windows Security App Spoofing VulnerabilityImportant
Windows ShellCVE-2025-47160Windows Shortcut Files Security Feature Bypass VulnerabilityImportant
Windows SMBCVE-2025-33073Windows SMB Client Elevation of Privilege VulnerabilityImportant
Windows SMBCVE-2025-32718Windows SMB Client Elevation of Privilege VulnerabilityImportant
Windows Standards-Based Storage Management ServiceCVE-2025-33068Windows Standards-Based Storage Management Service Denial of Service VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-24065Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-24068Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-24069Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-32719Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-32720Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33055Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33058Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33059Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33060Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33061Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33062Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33063Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Management ProviderCVE-2025-33065Windows Storage Management Provider Information Disclosure VulnerabilityImportant
Windows Storage Port DriverCVE-2025-32722Windows Storage Port Driver Information Disclosure VulnerabilityImportant
Windows Win32K – GRFXCVE-2025-32712Win32k Elevation of Privilege VulnerabilityImportant

Microsoft has indicated that proof-of-concept exploits could be rapidly developed by analyzing the published security updates, making swift deployment critical.

Organizations should prioritize patching internet-facing systems and domain-joined machines first, while implementing network segmentation as an additional defensive measure.

The June 2025 Patch Tuesday represents one of the more significant monthly releases, combining actively exploited threats with comprehensive fixes across Microsoft’s enterprise and consumer product lines.

Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access

The post Microsoft Patch Tuesday June 2025 – Exploited zero-day and Other 65 Vulnerabilities Patched appeared first on Cyber Security News.

Read More

Tags:

Previous Article

APT Hackers Exploited Windows WebDAV 0-Day RCE Vulnerability in the Wild to Depl...

Next Article

How to Secure Kubernetes Clusters – A Cybersecurity Perspective

Related Posts

Securing Generative AI – Mitigating Data Leakage Risks

Securing Generative AI – Mitigating Data Leakage Risks

May 17, 2025  0

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

INE Security Alert: Continuous CVE Practice Closes Crit...

May 14, 2025  0

Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups

Aembit Named to Rising in Cyber 2025 List of Top Cybers...

Jun 4, 2025  0