Microsoft has released its June 2025 Patch Tuesday security updates, addressing 66 vulnerabilities across Windows, Office, Exchange Server, Azure, Visual Studio, and other products. This includes fixes for two zero-day vulnerabilities, with one being actively exploited in the wild.
The two zero-days are a Web Distributed Authoring and Versioning (WebDAV) remote code execution vulnerability (CVE-2025-33053) and a Windows SMB Client elevation of privilege flaw (CVE-2025-33073). The WebDAV vulnerability has been exploited by an advanced persistent threat (APT) group called "Stealth Falcon" in targeted attacks against defense organizations.
Other critical flaws include multiple remote code execution bugs in Microsoft Office (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), a Windows Schannel RCE vulnerability (CVE-2025-29828), a Windows Remote Desktop Services RCE flaw (CVE-2025-32710), and a Windows KDC Proxy Service RCE bug (CVE-2025-33071).
In total, Microsoft addressed 10 critical vulnerabilities and 56 important ones. The most common issues are remote code execution (25 bugs), information disclosure (17 bugs), and elevation of privilege (13 bugs).
Key products receiving security updates include Windows, Office, SharePoint, Visual Studio, Power Automate, WebDAV, and various Windows components. Administrators should prioritize testing and deploying patches for the actively exploited zero-day and the critical remote code execution flaws, particularly those affecting Office applications where the Preview Pane is listed as an attack vector.
Additional steps may be required to fully remediate some vulnerabilities, and organizations should carefully review Microsoft's advisories for specific guidance. Overall, applying these critical monthly security updates helps harden environments against emerging threats and sophisticated attack campaigns.
In this monthly report, we'll break down these zero-day threats along with other major critical issues addressed. Our analysis will examine severity ratings, exploitation vectors, and remediation advice to underscore the essential patches for prioritization. Whether you manage Windows clients and servers or cloud-based services, applying these latest critical and important updates helps secure environments as we progress through 2025.
In June's Patch Tuesday, Microsoft addressed 66 flaws, including two zero-day vulnerabilities, with one actively exploited in the wild. This update included patches across categories like remote code execution, elevation of privilege, information disclosure, denial of service, security feature bypass, and spoofing vulnerabilities.
The key affected products in this update span across Microsoft's product range, including Windows, Office, SharePoint, Visual Studio, Power Automate, WebDAV, and various Windows system components. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.
Key highlights:
- Total Flaws and Zero-Day Vulnerabilities: The June update includes 66 flaws, with two zero-day vulnerabilities, one of which was actively exploited by the APT group "Stealth Falcon."
- Critical Flaws: Among the patches, ten critical flaws were fixed, including multiple Office RCE vulnerabilities, a WebDAV RCE flaw, Windows Schannel RCE, Windows Remote Desktop Services RCE, and a Windows KDC Proxy Service RCE.
- Variety of Vulnerability Types: The vulnerabilities addressed include 25 Remote Code Execution vulnerabilities, 17 Information Disclosure vulnerabilities, 13 Elevation of Privilege vulnerabilities, 6 Denial of Service vulnerabilities, 3 Security Feature Bypass vulnerabilities, and 2 Spoofing vulnerabilities.
- Actively Exploited Zero-Day: The actively exploited zero-day vulnerability is CVE-2025-33053, affecting Web Distributed Authoring and Versioning (WebDAV), which was used in targeted attacks against defense organizations.
- Publicly Disclosed Zero-Day: CVE-2025-33073, a Windows SMB Client elevation of privilege vulnerability that allows attackers to gain SYSTEM privileges, was publicly disclosed before a patch was available.
- Noteworthy Critical-Rated Bugs: Other critical-rated bugs include four Microsoft Office RCE vulnerabilities (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953) where the Preview Pane is an attack vector, a Windows Schannel RCE (CVE-2025-29828), and a Windows Netlogon elevation of privilege flaw (CVE-2025-33070).
- Office Attack Surface: Multiple Office components received critical patches, including Word, Excel, Outlook, PowerPoint, and SharePoint Server, with several vulnerabilities exploitable through the Preview Pane.
This June's Patch Tuesday highlights Microsoft's ongoing commitment to securing its wide range of products against sophisticated threat actors and zero-day exploitation campaigns targeting enterprise environments.
In June 2025, Microsoft addressed two zero-day vulnerabilities in its Patch Tuesday release. One of these vulnerabilities was actively exploited in the wild by an advanced persistent threat (APT) group, while the other was publicly disclosed before a patch became available. These vulnerabilities posed immediate risks to affected systems and required urgent attention.
CVE-2025-33053 allows an unauthenticated attacker to execute arbitrary code on affected systems through the Windows WebDAV implementation. The flaw has a CVSS v3 base score of 8.8 and is rated Important, though it was actively exploited as a zero-day before patches were available.
According to Check Point Research, which discovered and reported this vulnerability, CVE-2025-33053 was exploited by an APT group known as "Stealth Falcon" in targeted attacks against defense companies. The attack campaign was first identified in March 2025 when Check Point researchers observed an attempted cyberattack against a defense company in Turkey.
The threat actors used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled by manipulating the working directory of a legitimate built-in Windows tool. Successful exploitation requires the attacker to convince a user to click on a specially crafted WebDAV URL, making social engineering a key component of the attack vector.
Interestingly, Microsoft had deprecated the Windows WebDAV implementation (WebClient service) in November 2023, meaning it no longer starts by default. However, the service can still be enabled, and all supported Windows versions, including newer releases like Server 2025 and Windows 11 24H2, receive patches for this vulnerability.
CVE-2025-33073 affects the Windows Server Message Block (SMB) client and allows an authenticated attacker to elevate privileges to SYSTEM level. The flaw has a CVSS v3 base score of 8.8 and is rated Important. Unlike the WebDAV vulnerability, this zero-day was publicly disclosed rather than actively exploited.
The vulnerability involves improper access control in Windows SMB that enables privilege escalation over a network. To exploit this flaw, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB credentials and authenticate. Successful exploitation could result in elevation of privilege to SYSTEM level.
According to reports, DFN-CERT (Computer Emergency Response Team of the German Research Network) began circulating warnings from RedTeam Pentesting about this vulnerability before the patch was released. The flaw was discovered by multiple security researchers, including Keisuke Hirata with CrowdStrike, Synacktiv research team, Stefan Walter with SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw of Google Project Zero.
While an update is now available through this Patch Tuesday release, Microsoft notes that the vulnerability can be mitigated by enforcing server-side SMB signing via Group Policy as an interim measure for organizations that cannot immediately deploy the patch.
Both zero-day vulnerabilities underscore the continued targeting of Windows infrastructure by sophisticated threat actors and the importance of rapid patch deployment to prevent exploitation in enterprise environments.
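The two host-level checks implied above, as an added example rather than code from Microsoft or this report: a PowerShell audit that reports whether the WebClient service can run on a host (exposure to CVE-2025-33053) and whether the SMB server requires signing (the interim mitigation for CVE-2025-33073). Function names and the `-EnforceSmbSigning` switch are illustrative, and the script changes only the local SMB server option, which a domain Group Policy would normally manage and can overwrite.

```powershell
#Requires -Version 5.1
# Added example (not Microsoft's or this report's code). Run in an elevated session.
param(
    # Illustrative switch: also require signing on the local SMB server.
    [switch]$EnforceSmbSigning
)

function Get-WebDavClientExposure {
    # CVE-2025-33053 is reached through the WebClient (WebDAV) service.
    # The service is absent on hosts where the WebDAV redirector is not installed.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'" -ErrorAction SilentlyContinue
    if (-not $svc) {
        $detail = 'WebClient service not installed'
        $needsAttention = $false
    } else {
        # A Manual service can still be started on demand, so only Disabled
        # is treated as "cannot run" here.
        $detail = "State=$($svc.State); StartMode=$($svc.StartMode)"
        $needsAttention = ($svc.StartMode -ne 'Disabled')
    }
    [pscustomobject]@{
        CVE            = 'CVE-2025-33053'
        Check          = 'WebClient (WebDAV) service can run'
        Detail         = $detail
        NeedsAttention = $needsAttention   # true = prioritise this host for the patch
    }
}

function Get-SmbServerSigningState {
    # Server-side SMB signing is the interim mitigation named for CVE-2025-33073.
    $cfg = Get-SmbServerConfiguration -ErrorAction Stop
    $required = [bool]$cfg.RequireSecuritySignature
    [pscustomobject]@{
        CVE            = 'CVE-2025-33073'
        Check          = 'SMB server requires signing'
        Detail         = "RequireSecuritySignature=$required"
        NeedsAttention = (-not $required)  # true = mitigation not in place
    }
}

function Enable-SmbServerSigning {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()
    # Clients that cannot sign SMB traffic will fail to connect once signing
    # is required, so test against legacy devices before rolling this out.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB signing on the SMB server')) {
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    }
}

# Emit objects (not formatted text) so results can be piped to Export-Csv.
$report = @(Get-WebDavClientExposure; Get-SmbServerSigningState)
$report

$smb = $report | Where-Object { $_.CVE -eq 'CVE-2025-33073' }
if ($EnforceSmbSigning -and $smb.NeedsAttention) {
    Enable-SmbServerSigning
    Get-SmbServerSigningState   # re-read to confirm the new state
}
```

Neither check replaces the June update: the WebClient result only shows which hosts to patch first, and SMB signing is the stopgap for machines that cannot be patched immediately.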
The two zero-day vulnerabilities at a glance:

| CVE ID | Description | CVSSv3 | Severity | Exploited? | Publicly Disclosed? |
|---|---|---|---|---|---|
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability | 8.8 | Important | Yes | No |
| CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | 8.8 | Important | No | Yes |

Microsoft's June 2025 security updates addressed ten critical vulnerabilities that could be exploited to achieve remote code execution or elevation of privilege. These flaws represent significant risks that malicious actors could leverage in attacks. Promptly patching critical issues should be a top priority for security teams.
Four critical remote code execution vulnerabilities in Microsoft Office components pose immediate risks to organizations. CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953 all share CVSS v3 scores of 8.4 and were discovered by prolific security researcher 0x140ce.
What makes these vulnerabilities particularly dangerous is that the Preview Pane is listed as an attack vector for CVE-2025-47162, CVE-2025-47164, and CVE-2025-47167, meaning users don't need to fully open malicious documents to trigger exploitation. Microsoft has assessed three of these vulnerabilities as "Exploitation More Likely" in their Exploitability Index.
The vulnerabilities affect various Office components through different attack mechanisms:
- CVE-2025-47162: Heap-based buffer overflow allowing remote code execution
- CVE-2025-47164 and CVE-2025-47953: Use-after-free flaws enabling arbitrary code execution
- CVE-2025-47167: Type confusion vulnerability leading to remote code execution
CVE-2025-33071 represents a critical unauthenticated remote code execution vulnerability in the Windows KDC Proxy Service (KPSSVC) with a CVSS v3 score of 8.1. This service allows clients to communicate with Kerberos Key Distribution Centers over HTTPS instead of TCP, acting as a bridge for authentication requests.
The vulnerability involves a use-after-free flaw that could allow an unauthenticated attacker to achieve remote code execution by exploiting a cryptographic protocol weakness. While exploitation requires the attacker to win a race condition, Microsoft still considers exploitation "More Likely."
The concern is heightened because KDC proxy servers are often exposed to untrusted networks to facilitate Kerberos authentication from external clients, making them attractive targets for attackers. Only Windows Server assets configured as Kerberos Key Distribution Center Proxy Protocol servers are affected, which is not a standard configuration for domain controllers.
CVE-2025-29828 is a critical remote code execution vulnerability in Windows Schannel (Secure Channel) with a CVSS v3 score of 8.1. Schannel is a Security Support Provider used by Windows to implement SSL and TLS protocols.
The vulnerability involves a missing release of memory after its effective lifetime, which may allow an unauthenticated attacker to execute code over a network. Attackers can exploit this flaw by maliciously using fragmented ClientHello messages against target servers that accept TLS connections.
CVE-2025-32710 affects Windows Remote Desktop Services (RDS), formerly Terminal Services, which allows users to access Windows applications and desktops remotely. This critical vulnerability has a CVSS v3 score of 8.1.
The flaw involves a use-after-free condition that may allow an unauthenticated attacker to execute code over a network. To successfully exploit this vulnerability, an attacker must win a race condition, but the remote nature and lack of authentication requirements make this a high-priority patch.
CVE-2025-47172 is a critical remote code execution vulnerability in Microsoft SharePoint Server with a CVSS v3 score of 8.8. This flaw involves improper neutralization of special elements used in SQL commands, essentially an SQL injection vulnerability.
Unlike the other critical vulnerabilities, this SharePoint flaw requires an authenticated attacker to achieve remote code execution, but successful exploitation could lead to complete server compromise in SharePoint environments.
CVE-2025-33070 represents a critical elevation of privilege vulnerability in Windows Netlogon with a CVSS v3 score of 8.1. Netlogon is a Remote Procedure Call (RPC) protocol and service that facilitates authentication and communication between domain controllers and other devices within a domain.
The vulnerability involves the use of uninitialized resources that allows an unauthenticated attacker to elevate privileges over a network, potentially gaining domain administrator access. Despite requiring additional actions to prepare targets for exploitation, Microsoft has assessed this as "Exploitation More Likely."
With remote exploitation capabilities and no authentication requirements, these critical vulnerabilities open significant attack pathways for determined adversaries. Their high CVSS v3 scores reflect the urgent need to apply fixes before threats leverage them in enterprise environments.
In total, 66 vulnerabilities were addressed in June's Patch Tuesday. Remote Code Execution flaws top the list with 25 patches, followed by 17 Information Disclosure and 13 Elevation of Privilege vulnerabilities. The rest consist of 6 Denial of Service, 3 Security Feature Bypass, and 2 Spoofing flaws.
Here is the breakdown of the categories patched this month:
1. Remote Code Execution – 25
2. Information Disclosure – 17
3. Elevation of Privilege – 13
4. Denial of Service – 6
5. Security Feature Bypass – 3
6. Spoofing – 2
The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's June 2025 Patch Tuesday:

| Vulnerability Category | CVE IDs |
|---|---|
| Remote Code Execution | CVE-2025-30399, CVE-2025-47164, CVE-2025-47167, CVE-2025-47162, CVE-2025-47173, CVE-2025-47953, CVE-2025-47165, CVE-2025-47174, CVE-2025-47171, CVE-2025-47176, CVE-2025-47175, CVE-2025-47172, CVE-2025-47166, CVE-2025-47163, CVE-2025-47170, CVE-2025-47957, CVE-2025-47169, CVE-2025-47168, CVE-2025-47959, CVE-2025-33053, CVE-2025-29828, CVE-2025-33071, CVE-2025-32710, CVE-2025-33064, CVE-2025-33066 |
| Information Disclosure | CVE-2025-32715, CVE-2025-33052, CVE-2025-47969, CVE-2025-32719, CVE-2025-24065, CVE-2025-24068, CVE-2025-33055, CVE-2025-24069, CVE-2025-33060, CVE-2025-33059, CVE-2025-33062, CVE-2025-33061, CVE-2025-33058, CVE-2025-32720, CVE-2025-33065, CVE-2025-33063, CVE-2025-32722 |
| Elevation of Privilege | CVE-2025-47968, CVE-2025-33069, CVE-2025-33075, CVE-2025-32714, CVE-2025-33067, CVE-2025-33070, CVE-2025-32721, CVE-2025-47955, CVE-2025-32716, CVE-2025-32713, CVE-2025-32712, CVE-2025-33073, CVE-2025-32718, CVE-2025-47962, CVE-2025-47966 |
| Denial of Service | CVE-2025-33056, CVE-2025-33050, CVE-2025-32725, CVE-2025-33057, CVE-2025-32724, CVE-2025-33068 |
| Security Feature Bypass | CVE-2025-47160, CVE-2025-3052 |
| Spoofing | CVE-2025-47977, CVE-2025-47956 |

Remote code execution vulnerabilities continue to dominate Microsoft's monthly patches, representing 37.9% of the June updates. These critical bugs enable attackers to execute arbitrary code for extensive system control, making them high-priority targets for exploitation.
The second most prevalent category is information disclosure at 25.8%, which can provide attackers with sensitive data to facilitate further attacks. Elevation of privilege vulnerabilities account for 19.7% of the patches, empowering threat actors to increase compromised user rights and gain deeper system access.
While less frequent, denial of service, security feature bypass, and spoofing flaws still pose risks and should undergo systematic patching. The concentration of remote code execution vulnerabilities, particularly in widely-used Office applications, underscores the critical importance of prioritizing these updates in enterprise environments.
Microsoft's June 2025 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Storage Management Provider | 13 |
| Microsoft Office | 5 |
| Microsoft Office Word | 4 |
| Windows SMB | 2 |
| Windows Installer | 2 |
| Windows Local Security Authority (LSA) | 2 |
| Windows DHCP Server | 2 |
| Microsoft Office Excel | 2 |
| Microsoft Office Outlook | 2 |
| Microsoft Office SharePoint | 3 |
| Windows Routing and Remote Access Service (RRAS) | 2 |
| .NET and Visual Studio | 1 |
| App Control for Business (WDAC) | 1 |
| Microsoft AutoUpdate (MAU) | 1 |
| Microsoft Local Security Authority Server (lsasrv) | 1 |
| Microsoft Office PowerPoint | 1 |
| Nuance Digital Engagement Platform | 1 |
| Remote Desktop Client | 1 |
| Visual Studio | 1 |
| WebDAV | 1 |
| Windows Common Log File System Driver | 1 |
| Windows Cryptographic Services | 1 |
| Windows DWM Core Library | 1 |
| Windows Hello | 1 |
| Windows KDC Proxy Service (KPSSVC) | 1 |
| Windows Kernel | 1 |
| Windows Local Security Authority Subsystem Service (LSASS) | 1 |
| Windows Media | 1 |
| Windows Netlogon | 1 |
| Windows Recovery Driver | 1 |
| Windows Remote Access Connection Manager | 1 |
| Windows Remote Desktop Services | 1 |
| Windows SDK | 1 |
| Windows Secure Boot | 1 |
| Windows Security App | 1 |
| Windows Shell | 1 |
| Windows Standards-Based Storage Management Service | 1 |
| Windows Storage Port Driver | 1 |
| Windows Win32K - GRFX | 1 |
| Power Automate | 1 |
| Grand Total | 66 |

The distribution shows that Windows Storage Management Provider received the most patches with 13 vulnerabilities, followed by Microsoft Office with 5 patches and Microsoft Word with 4 patches. This reflects Microsoft's continued focus on securing core Windows infrastructure components and widely-used productivity applications that represent high-value targets for attackers.

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Nuance Digital Engagement Platform Spoofing Vulnerability | No | No | 7.6 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Chromium: CVE-2025-5419 Out of bounds read and write in V8 | No | No | N/A |
| | Chromium: CVE-2025-5068 Use after free in Blink | No | No | N/A |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows SDK Elevation of Privilege Vulnerability | No | No | 7.8 |
| | .NET and Visual Studio Remote Code Execution Vulnerability | No | No | 7.5 |
| | Visual Studio Remote Code Execution Vulnerability | No | No | 7.1 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Power Automate Elevation of Privilege Vulnerability | No | No | 9.8 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
| | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows Task Scheduler Elevation of Privilege Vulnerability | No | No | 8.4 |
| | Windows Schannel Remote Code Execution Vulnerability | No | No | 8.1 |
| | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
| | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Recovery Driver Elevation of Privilege Vulnerability | No | No | 7.3 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Security App Spoofing Vulnerability | No | No | 5.5 |
| | Windows DWM Core Library Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows App Control for Business Security Feature Bypass Vulnerability | No | No | 5.1 |
| | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | No | No | 4.4 |

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
| | Windows SMB Client Elevation of Privilege Vulnerability | No | Yes | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
| | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Yes | No | 8.8 |
| | Windows Remote Desktop Services Remote Code Execution Vulnerability | No | No | 8.1 |
| | Windows Netlogon Elevation of Privilege Vulnerability | No | No | 8.1 |
| | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | No | No | 8.1 |
| | Windows SMB Client Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Media Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
| | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
| | Windows Local Security Authority (LSA) Denial of Service Vulnerability | No | No | 7.5 |
| | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | No | 7.5 |
| | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | No | No | 6.7 |
| | Windows Local Security Authority (LSA) Denial of Service Vulnerability | No | No | 6.5 |
| | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 6.5 |
| | Windows Storage Port Driver Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
| | Windows Shortcut Files Security Feature Bypass Vulnerability | No | No | 5.4 |

Microsoft's June 2025 Patch Tuesday addressed 66 vulnerabilities, including two zero-day flaws affecting WebDAV and Windows SMB, with one being actively exploited by the APT group "Stealth Falcon."
This release fixed a variety of vulnerability types, with remote code execution issues being most prevalent at 25 instances. Information disclosure ranked second with 17 patches issued, followed by elevation of privilege with 13 patches. Among the critical bugs are multiple Office RCE vulnerabilities where Preview Pane is an attack vector, a WebDAV RCE exploited in the wild, Windows Schannel RCE, and a Windows KDC Proxy Service RCE.
Critical vulnerabilities addressed this month consist of four Microsoft Office remote code execution flaws (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), the actively exploited WebDAV RCE (CVE-2025-33053), Windows Schannel RCE (CVE-2025-29828), Windows Remote Desktop Services RCE (CVE-2025-32710), SharePoint Server RCE (CVE-2025-47172), Windows KDC Proxy Service RCE (CVE-2025-33071), and a Windows Netlogon elevation of privilege (CVE-2025-33070).
Alongside the critical problems, numerous important-rated issues also got remediated, including the publicly disclosed Windows SMB Client elevation of privilege vulnerability and various information disclosure and denial of service vulnerabilities affecting Windows components and Office applications. Overall, June's patches close 66 security gaps across Microsoft's portfolio.
The concentration of critical Office vulnerabilities with Preview Pane attack vectors, combined with the actively exploited WebDAV zero-day, emphasizes the urgent need for comprehensive patch deployment. Organizations should prioritize the critical remote code execution fixes and implement additional mitigations where immediate patching isn't feasible.

| CVE ID | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability | 8.8 | Important |
| CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | 8.1 | Critical |
| CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | 8.8 | Important |

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.