June 11, 2025

Breaking Down the Latest June 2025 Patch Tuesday Report



Microsoft has released its June 2025 Patch Tuesday security updates, addressing 66 vulnerabilities across Windows, Office, Exchange Server, Azure, Visual Studio, and other products. This includes fixes for two zero-day vulnerabilities, with one being actively exploited in the wild.

The two zero-days are a Web Distributed Authoring and Versioning (WebDAV) remote code execution vulnerability (CVE-2025-33053) and a Windows SMB Client elevation of privilege flaw (CVE-2025-33073). The WebDAV vulnerability has been exploited by an advanced persistent threat (APT) group called "Stealth Falcon" in targeted attacks against defense organizations.

Other critical flaws include multiple remote code execution bugs in Microsoft Office (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), a Windows Schannel RCE vulnerability (CVE-2025-29828), a Windows Remote Desktop Services RCE flaw (CVE-2025-32710), and a Windows KDC Proxy Service RCE bug (CVE-2025-33071).

In total, Microsoft addressed 10 critical vulnerabilities and 56 important ones. The most common issues are remote code execution (25 bugs), information disclosure (17 bugs), and elevation of privilege (13 bugs).

Key products receiving security updates include Windows, Office, SharePoint, Visual Studio, Power Automate, WebDAV, and various Windows components. Administrators should prioritize testing and deploying patches for the actively exploited zero-day and the critical remote code execution flaws, particularly those affecting Office applications where the Preview Pane is listed as an attack vector.

Additional steps may be required to fully remediate some vulnerabilities, and organizations should carefully review Microsoft's advisories for specific guidance. Overall, applying these critical monthly security updates helps harden environments against emerging threats and sophisticated attack campaigns.

In this monthly report, we'll break down these zero-day threats along with other major critical issues addressed. Our analysis will examine severity ratings, exploitation vectors, and remediation advice to underscore the essential patches for prioritization. Whether you manage Windows clients and servers or cloud-based services, applying these latest critical and important updates helps secure environments as we progress through 2025.

Key Highlights - Patch Tuesday June 2025

In June's Patch Tuesday, Microsoft addressed 66 flaws, including two zero-day vulnerabilities, with one actively exploited in the wild. This update included patches across categories like remote code execution, elevation of privilege, information disclosure, denial of service, security feature bypass, and spoofing vulnerabilities.

The key affected products in this update span across Microsoft's product range, including Windows, Office, SharePoint, Visual Studio, Power Automate, WebDAV, and various Windows system components. It is crucial for administrators and end users to apply these security updates promptly to protect their systems from these vulnerabilities.

The key highlights are:

  1. Total Flaws and Zero-Day Vulnerabilities: The June update includes 66 flaws, with two zero-day vulnerabilities, one of which was actively exploited by the APT group "Stealth Falcon."

  2. Critical Flaws: Among the patches, ten critical flaws were fixed, including multiple Office RCE vulnerabilities, a WebDAV RCE flaw, Windows Schannel RCE, Windows Remote Desktop Services RCE, and a Windows KDC Proxy Service RCE.

  3. Variety of Vulnerability Types: The vulnerabilities addressed include 25 Remote Code Execution vulnerabilities, 17 Information Disclosure vulnerabilities, 13 Elevation of Privilege vulnerabilities, 6 Denial of Service vulnerabilities, 3 Security Feature Bypass vulnerabilities, and 2 Spoofing vulnerabilities.

  4. Actively Exploited Zero-Day: The actively exploited zero-day vulnerability is CVE-2025-33053, affecting Web Distributed Authoring and Versioning (WebDAV), which was used in targeted attacks against defense organizations.

  5. Publicly Disclosed Zero-Day: CVE-2025-33073, a Windows SMB Client elevation of privilege vulnerability that allows attackers to gain SYSTEM privileges, was publicly disclosed before a patch was available.

  6. Noteworthy Critical-Rated Bugs: Other critical-rated bugs include four Microsoft Office RCE vulnerabilities (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953) where the Preview Pane is an attack vector, a Windows Schannel RCE (CVE-2025-29828), and a Windows Netlogon elevation of privilege flaw (CVE-2025-33070).

  7. Office Attack Surface: Multiple Office components received critical patches, including Word, Excel, Outlook, PowerPoint, and SharePoint Server, with several vulnerabilities exploitable through the Preview Pane.

This June's Patch Tuesday highlights Microsoft's ongoing commitment to securing its wide range of products against sophisticated threat actors and zero-day exploitation campaigns targeting enterprise environments.

Zero-day Vulnerabilities Patched in June 2025

In June 2025, Microsoft addressed two zero-day vulnerabilities in its Patch Tuesday release. One of these vulnerabilities was actively exploited in the wild by an advanced persistent threat (APT) group, while the other was publicly disclosed before a patch became available. These vulnerabilities posed immediate risks to affected systems and required urgent attention.

CVE-2025-33053 (Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability):

This vulnerability allows an unauthenticated attacker to execute arbitrary code on affected systems through the Windows WebDAV implementation. The flaw has a CVSS v3 base score of 8.8 and is rated as Important severity, though it was actively exploited as a zero-day before patches were available.

According to Check Point Research, which discovered and reported this vulnerability, CVE-2025-33053 was exploited by an APT group known as "Stealth Falcon" in targeted attacks against defense companies. The attack campaign was first identified in March 2025 when Check Point researchers observed an attempted cyberattack against a defense company in Turkey.

The threat actors used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled by manipulating the working directory of a legitimate built-in Windows tool. Successful exploitation requires the attacker to convince a user to click on a specially crafted WebDAV URL, making social engineering a key component of the attack vector.

Interestingly, Microsoft had deprecated the Windows WebDAV implementation (WebClient service) in November 2023, meaning it no longer starts by default. However, the service can still be enabled, and all supported Windows versions, including newer releases like Server 2025 and Windows 11 24H2, receive patches for this vulnerability.

CVE-2025-33073 (Windows SMB Client Elevation of Privilege Vulnerability):

This vulnerability affects the Windows Server Message Block (SMB) client and allows an authenticated attacker to elevate privileges to SYSTEM level. The flaw has a CVSS v3 base score of 8.8 and is rated as Important severity. Unlike the WebDAV vulnerability, this zero-day was publicly disclosed rather than actively exploited.

The vulnerability involves improper access control in Windows SMB that enables privilege escalation over a network. To exploit this flaw, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB credentials and authenticate. Successful exploitation could result in elevation of privilege to SYSTEM level.

According to reports, DFN-CERT (Computer Emergency Response Team of the German Research Network) began circulating warnings from RedTeam Pentesting about this vulnerability before the patch was released. The flaw was discovered by multiple security researchers, including Keisuke Hirata with CrowdStrike, Synacktiv research team, Stefan Walter with SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw of Google Project Zero.

While an update is now available through this Patch Tuesday release, Microsoft notes that the vulnerability can be mitigated by enforcing server-side SMB signing via Group Policy as an interim measure for organizations that cannot immediately deploy the patch.

Both zero-day vulnerabilities underscore the continued targeting of Windows infrastructure by sophisticated threat actors and the importance of rapid patch deployment to prevent exploitation in enterprise environments.
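
A read-only audit of the two exposure conditions described above (whether the WebClient service can run on a host, and whether server-side SMB signing is enforced), added here as an example; it is not code from Microsoft or from the original article. The function names and output fields are this example's own, and it assumes Windows PowerShell 5.1 or later on the host being checked.

```powershell
# Added example: read-only exposure audit for CVE-2025-33053 and CVE-2025-33073.
# Function names and output fields are this example's own (hypothetical).

function Get-WebClientExposure {
    # The Windows WebDAV client runs as the WebClient service.
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{
            Check          = 'WebClient service'
            NeedsAttention = $false
            Detail         = 'Service not installed on this host'
        }
    }

    # A stopped service with registered start triggers can still be started
    # on demand, so "Stopped" alone does not mean the WebDAV client is unreachable.
    $triggerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\TriggerInfo'
    $hasTrigger = Test-Path -Path $triggerKey
    $reachable  = ($svc.Status -eq 'Running') -or ($svc.StartType -ne 'Disabled')

    [pscustomobject]@{
        Check          = 'WebClient service'
        NeedsAttention = $reachable
        Detail         = "Status=$($svc.Status); StartType=$($svc.StartType); StartTriggers=$hasTrigger"
    }
}

function Get-SmbServerSigningState {
    $required = $null
    $source   = 'not determined'
    try {
        # Effective setting as reported by the SMB server (may need elevation).
        $cfg      = Get-SmbServerConfiguration -ErrorAction Stop
        $required = [bool]$cfg.RequireSecuritySignature
        $source   = 'Get-SmbServerConfiguration'
    } catch {
        # Fallback: the value written by the Group Policy setting
        # "Microsoft network server: Digitally sign communications (always)".
        $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $prop = Get-ItemProperty -Path $path -Name 'RequireSecuritySignature' -ErrorAction SilentlyContinue
        if ($prop) {
            $required = ($prop.RequireSecuritySignature -eq 1)
            $source   = 'registry'
        }
    }

    if ($null -eq $required) {
        $detail = 'RequireSecuritySignature not readable or not set; OS default applies'
    } else {
        $detail = "RequireSecuritySignature=$required (source: $source)"
    }

    [pscustomobject]@{
        Check          = 'SMB server signing'
        NeedsAttention = ($required -ne $true)
        Detail         = $detail
    }
}

# Emit one object per check so the result can be piped, exported or collected centrally.
$results = @(Get-WebClientExposure; Get-SmbServerSigningState)
$results | Select-Object @{ Name = 'Computer'; Expression = { $env:COMPUTERNAME } },
                         Check, NeedsAttention, Detail
```

A `NeedsAttention` value of `True` marks a host to patch first or to cover with the interim mitigation; the script does not verify that the June update itself is installed.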

The table below summarizes the two zero-day vulnerabilities:

| CVE ID | Description | CVSSv3 | Severity | Exploited? | Publicly Disclosed? |
|---|---|---|---|---|---|
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability | 8.8 | Important | Yes | No |
| CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | 8.8 | Important | No | Yes |

Critical Vulnerabilities Patched in June 2025

Microsoft's June 2025 security updates addressed ten critical vulnerabilities that could be exploited to achieve remote code execution or elevation of privilege. These flaws represent significant risks that malicious actors could leverage in attacks. Promptly patching critical issues should be a top priority for security teams.

Microsoft Office Remote Code Execution Vulnerabilities Lead Critical Threats

Four critical remote code execution vulnerabilities in Microsoft Office components pose immediate risks to organizations. CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, and CVE-2025-47953 all share CVSS v3 scores of 8.4 and were discovered by prolific security researcher 0x140ce.

What makes these vulnerabilities particularly dangerous is that the Preview Pane is listed as an attack vector for CVE-2025-47162, CVE-2025-47164, and CVE-2025-47167, meaning users don't need to fully open malicious documents to trigger exploitation. Microsoft has assessed three of these vulnerabilities as "Exploitation More Likely" in their Exploitability Index.

The vulnerabilities affect various Office components through different attack mechanisms:

  • CVE-2025-47162: Heap-based buffer overflow allowing remote code execution

  • CVE-2025-47164 and CVE-2025-47953: Use-after-free flaws enabling arbitrary code execution

  • CVE-2025-47167: Type confusion vulnerability leading to remote code execution

Windows KDC Proxy Service Critical RCE

CVE-2025-33071 represents a critical unauthenticated remote code execution vulnerability in the Windows KDC Proxy Service (KPSSVC) with a CVSS v3 score of 8.1. This service allows clients to communicate with Kerberos Key Distribution Centers over HTTPS instead of TCP, acting as a bridge for authentication requests.

The vulnerability involves a use-after-free flaw that could allow an unauthenticated attacker to achieve remote code execution by exploiting a cryptographic protocol weakness. While exploitation requires the attacker to win a race condition, Microsoft still considers exploitation "More Likely."

The concern is heightened because KDC proxy servers are often exposed to untrusted networks to facilitate Kerberos authentication from external clients, making them attractive targets for attackers. Only Windows Server assets configured as Kerberos Key Distribution Center Proxy Protocol servers are affected, which is not standard configuration for domain controllers.

Windows Schannel Remote Code Execution

CVE-2025-29828 is a critical remote code execution vulnerability in Windows Schannel (Secure Channel) with a CVSS v3 score of 8.1. Schannel is a Security Support Provider used by Windows to implement SSL and TLS protocols.

The vulnerability involves missing memory release after an effective lifetime that may allow an unauthenticated attacker to execute code over a network. Attackers can exploit this flaw by maliciously using fragmented ClientHello messages against target servers that accept TLS connections.

Windows Remote Desktop Services Critical RCE

CVE-2025-32710 affects Windows Remote Desktop Services (RDS), formerly Terminal Services, which allows users to access Windows applications and desktops remotely. This critical vulnerability has a CVSS v3 score of 8.1.

The flaw involves a use-after-free condition that may allow an unauthenticated attacker to execute code over a network. To successfully exploit this vulnerability, an attacker must win a race condition, but the remote nature and lack of authentication requirements make this a high-priority patch.

Microsoft SharePoint Server Critical RCE

CVE-2025-47172 is a critical remote code execution vulnerability in Microsoft SharePoint Server with a CVSS v3 score of 8.8. This flaw involves improper neutralization of special elements used in SQL commands, essentially an SQL injection vulnerability.

Unlike the other critical vulnerabilities, this SharePoint flaw requires an authenticated attacker to achieve remote code execution, but successful exploitation could lead to complete server compromise in SharePoint environments.

Windows Netlogon Elevation of Privilege

CVE-2025-33070 represents a critical elevation of privilege vulnerability in Windows Netlogon with a CVSS v3 score of 8.1. Netlogon is a Remote Procedure Call (RPC) protocol and service that facilitates authentication and communication between domain controllers and other devices within a domain.

The vulnerability involves the use of uninitialized resources that allows an unauthenticated attacker to elevate privileges over a network, potentially gaining domain administrator access. Despite requiring additional actions to prepare targets for exploitation, Microsoft has assessed this as "Exploitation More Likely."

With remote exploitation capabilities and no authentication requirements, these critical vulnerabilities open significant attack pathways for determined adversaries. Their high CVSS v3 scores reflect the urgent need to apply fixes before threats leverage them in enterprise environments.

Vulnerabilities by Category

In total, 66 vulnerabilities were addressed in June's Patch Tuesday. Remote Code Execution flaws top the list with 25 patches, followed by 17 Information Disclosure and 13 Elevation of Privilege vulnerabilities. The rest consist of 6 Denial of Service, 3 Security Feature Bypass, and 2 Spoofing flaws.

Here is the breakdown of the categories patched this month:

1. Remote Code Execution – 25

2. Information Disclosure – 17

3. Elevation of Privilege – 13

4. Denial of Service – 6

5. Security Feature Bypass – 3

6. Spoofing – 2

The table below shows the CVE IDs mapped to these vulnerability types from Microsoft's June 2025 Patch Tuesday:

| Vulnerability Category | CVE IDs |
|---|---|
| Remote Code Execution | CVE-2025-30399, CVE-2025-47164, CVE-2025-47167, CVE-2025-47162, CVE-2025-47173, CVE-2025-47953, CVE-2025-47165, CVE-2025-47174, CVE-2025-47171, CVE-2025-47176, CVE-2025-47175, CVE-2025-47172, CVE-2025-47166, CVE-2025-47163, CVE-2025-47170, CVE-2025-47957, CVE-2025-47169, CVE-2025-47168, CVE-2025-47959, CVE-2025-33053, CVE-2025-29828, CVE-2025-33071, CVE-2025-32710, CVE-2025-33064, CVE-2025-33066 |
| Information Disclosure | CVE-2025-32715, CVE-2025-33052, CVE-2025-47969, CVE-2025-32719, CVE-2025-24065, CVE-2025-24068, CVE-2025-33055, CVE-2025-24069, CVE-2025-33060, CVE-2025-33059, CVE-2025-33062, CVE-2025-33061, CVE-2025-33058, CVE-2025-32720, CVE-2025-33065, CVE-2025-33063, CVE-2025-32722 |
| Elevation of Privilege | CVE-2025-47968, CVE-2025-33069, CVE-2025-33075, CVE-2025-32714, CVE-2025-33067, CVE-2025-33070, CVE-2025-32721, CVE-2025-47955, CVE-2025-32716, CVE-2025-32713, CVE-2025-32712, CVE-2025-33073, CVE-2025-32718, CVE-2025-47962, CVE-2025-47966 |
| Denial of Service | CVE-2025-33056, CVE-2025-33050, CVE-2025-32725, CVE-2025-33057, CVE-2025-32724, CVE-2025-33068 |
| Security Feature Bypass | CVE-2025-47160, CVE-2025-3052 |
| Spoofing | CVE-2025-47977, CVE-2025-47956 |

Remote code execution vulnerabilities continue to dominate Microsoft's monthly patches, representing 37.9% of the June updates. These critical bugs enable attackers to execute arbitrary code for extensive system control, making them high-priority targets for exploitation.

The second most prevalent category is information disclosure at 25.8%, which can provide attackers with sensitive data to facilitate further attacks. Elevation of privilege vulnerabilities account for 19.7% of the patches, empowering threat actors to increase compromised user rights and gain deeper system access.

While less frequent, denial of service, security feature bypass, and spoofing flaws still pose risks and should undergo systematic patching. The concentration of remote code execution vulnerabilities, particularly in widely-used Office applications, underscores the critical importance of prioritizing these updates in enterprise environments.

List of Products Patched in June 2025 Patch Tuesday Report

Microsoft's June 2025 Patch Tuesday includes updates for a broad range of its products, applications, and services. Here are the applications and product components that have received patches:

| Product Name | No. of Vulnerabilities Patched |
|---|---|
| Windows Storage Management Provider | 13 |
| Microsoft Office | 5 |
| Microsoft Office Word | 4 |
| Windows SMB | 2 |
| Windows Installer | 2 |
| Windows Local Security Authority (LSA) | 2 |
| Windows DHCP Server | 2 |
| Microsoft Office Excel | 2 |
| Microsoft Office Outlook | 2 |
| Microsoft Office SharePoint | 3 |
| Windows Routing and Remote Access Service (RRAS) | 2 |
| .NET and Visual Studio | 1 |
| App Control for Business (WDAC) | 1 |
| Microsoft AutoUpdate (MAU) | 1 |
| Microsoft Local Security Authority Server (lsasrv) | 1 |
| Microsoft Office PowerPoint | 1 |
| Nuance Digital Engagement Platform | 1 |
| Remote Desktop Client | 1 |
| Visual Studio | 1 |
| WebDAV | 1 |
| Windows Common Log File System Driver | 1 |
| Windows Cryptographic Services | 1 |
| Windows DWM Core Library | 1 |
| Windows Hello | 1 |
| Windows KDC Proxy Service (KPSSVC) | 1 |
| Windows Kernel | 1 |
| Windows Local Security Authority Subsystem Service (LSASS) | 1 |
| Windows Media | 1 |
| Windows Netlogon | 1 |
| Windows Recovery Driver | 1 |
| Windows Remote Access Connection Manager | 1 |
| Windows Remote Desktop Services | 1 |
| Windows SDK | 1 |
| Windows Secure Boot | 1 |
| Windows Security App | 1 |
| Windows Shell | 1 |
| Windows Standards-Based Storage Management Service | 1 |
| Windows Storage Port Driver | 1 |
| Windows Win32K - GRFX | 1 |
| Power Automate | 1 |
| Grand Total | 66 |

The distribution shows that Windows Storage Management Provider received the most patches with 13 vulnerabilities, followed by Microsoft Office with 5 patches and Microsoft Word with 4 patches. This reflects Microsoft's continued focus on securing core Windows infrastructure components and widely-used productivity applications that represent high-value targets for attackers.

Summary charts

Azure vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Nuance Digital Engagement Platform Spoofing Vulnerability | No | No | 7.6 |

Browser vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Chromium: CVE-2025-5419 Out of bounds read and write in V8 | No | No | N/A |
|  | Chromium: CVE-2025-5068 Use after free in Blink | No | No | N/A |

Developer Tools vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Windows SDK Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | .NET and Visual Studio Remote Code Execution Vulnerability | No | No | 7.5 |
|  | Visual Studio Remote Code Execution Vulnerability | No | No | 7.1 |

Microsoft Dynamics vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Power Automate Elevation of Privilege Vulnerability | No | No | 9.8 |

Microsoft Office vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 8.4 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft PowerPoint Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 |
|  | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Microsoft Outlook Remote Code Execution Vulnerability | No | No | 6.7 |

Windows vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Windows Task Scheduler Elevation of Privilege Vulnerability | No | No | 8.4 |
|  | Windows Schannel Remote Code Execution Vulnerability | No | No | 8.1 |
|  | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
|  | DHCP Server Service Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Recovery Driver Elevation of Privilege Vulnerability | No | No | 7.3 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Security App Spoofing Vulnerability | No | No | 5.5 |
|  | Windows DWM Core Library Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows App Control for Business Security Feature Bypass Vulnerability | No | No | 5.1 |
|  | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | No | No | 4.4 |

Windows ESU vulnerabilities

| CVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score |
|---|---|---|---|---|
|  | Windows SMB Client Elevation of Privilege Vulnerability | No | Yes | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | No | No | 8.8 |
|  | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Yes | No | 8.8 |
|  | Windows Remote Desktop Services Remote Code Execution Vulnerability | No | No | 8.1 |
|  | Windows Netlogon Elevation of Privilege Vulnerability | No | No | 8.1 |
|  | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | No | No | 8.1 |
|  | Windows SMB Client Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Media Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Installer Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 |
|  | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | No | No | 7.5 |
|  | Windows Local Security Authority (LSA) Denial of Service Vulnerability | No | No | 7.5 |
|  | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | No | 7.5 |
|  | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | No | No | 6.7 |
|  | Windows Local Security Authority (LSA) Denial of Service Vulnerability | No | No | 6.5 |
|  | Remote Desktop Protocol Client Information Disclosure Vulnerability | No | No | 6.5 |
|  | Windows Storage Port Driver Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Storage Management Provider Information Disclosure Vulnerability | No | No | 5.5 |
|  | Windows Shortcut Files Security Feature Bypass Vulnerability | No | No | 5.4 |

Bottom Line

Microsoft's June 2025 Patch Tuesday addressed 66 vulnerabilities, including two zero-day flaws affecting WebDAV and Windows SMB, with one being actively exploited by the APT group "Stealth Falcon."

This release fixed a variety of vulnerability types, with remote code execution issues being most prevalent at 25 instances. Information disclosure ranked second with 17 patches issued, followed by elevation of privilege with 13 patches. Among the critical bugs are multiple Office RCE vulnerabilities where Preview Pane is an attack vector, a WebDAV RCE exploited in the wild, Windows Schannel RCE, and a Windows KDC Proxy Service RCE.

Critical vulnerabilities addressed this month consist of four Microsoft Office remote code execution flaws (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953), the actively exploited WebDAV RCE (CVE-2025-33053), Windows Schannel RCE (CVE-2025-29828), Windows Remote Desktop Services RCE (CVE-2025-32710), SharePoint Server RCE (CVE-2025-47172), Windows KDC Proxy Service RCE (CVE-2025-33071), and a Windows Netlogon elevation of privilege (CVE-2025-33070).

Alongside the critical problems, numerous important-rated issues also got remediated, including the publicly disclosed Windows SMB Client elevation of privilege vulnerability and various information disclosure and denial of service vulnerabilities affecting Windows components and Office applications. Overall, June's patches close 66 security gaps across Microsoft's portfolio.

The concentration of critical Office vulnerabilities with Preview Pane attack vectors, combined with the actively exploited WebDAV zero-day, emphasizes the urgent need for comprehensive patch deployment. Organizations should prioritize the critical remote code execution fixes and implement additional mitigations where immediate patching isn't feasible.

| CVE ID | Description | CVSSv3 | Severity |
|---|---|---|---|
| CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | 8.4 | Critical |
| CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | Critical |
| CVE-2025-33053 | Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability | 8.8 | Important |
| CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | 8.1 | Critical |
| CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | 8.1 | Critical |
| CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | 8.8 | Important |

We aim to keep readers informed each month in our Patch Tuesday reports. Please follow our website thesecmaster.com or subscribe to our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram to receive similar updates.


Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
