June 2025 Patch Tuesday forecast: Second time is the charm?

Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They also did a great job finally fixing most of the reported issues that have been carried out for a while. But it appears something was not quite right, because there were some issues reported from the start and there’s been a lot of follow-up work.

Patches

In mid-May, Microsoft released KB5061768 for Windows 10 21H2 and 22H2 to address an issue from the May 13th release. That Patch Tuesday update resulted in an unexpected error triggering an automatic repair which prompted for the BitLocker recovery key.

In a similar case, Microsoft released OOB KB5062170 for Windows 11 22H2 and 23H2 as a fix for KB5058405, also from Patch Tuesday.

Application of the earlier patch would fail and force the system into recovery as well. And finally, Microsoft released a series of OOB patches to address an issue where Azure, Windows 10, Windows 11, and Windows Server would freeze or restart unexpectedly in Hyper-V. These updates were targeted at Azure’s confidential virtual machines and were not expected to be used on standard machines. If you haven’t deployed any of these OOB patches, it may pay to wait until next week as they will most likely be included in the monthly cumulative releases.

New developments

Earlier this week, Microsoft launched the new European Security Program, which is an expansion of the Government Security Program. Microsoft is leveraging their AI technology to monitor and respond to threats while sharing information with the European security community.

Microsoft announced that the Autofill function in the Authenticator app is being deprecated over the next three months. You may be seeing warnings about the upcoming deadlines and the migration to Edge for this functionality.

Microsoft is taking a step into the third-party patch space with the introduction of their new orchestration platform. Per Microsoft, they’re “building a vision for a unified, intelligent update orchestration platform capable of supporting any update (apps, drivers, etc.) to be orchestrated alongside Windows updates.” Still in its early beta days, vendors can sign up now to investigate its capabilities.

dMSA vulnerability

There’s an important vulnerability to be aware of as we approach Patch Tuesday. This vulnerability is present in the delegated Managed Service Account (dMSA) feature for Windows Server 2025. As explained in detail by the Akami researcher, the danger is in the way “nonmanaged service accounts by seamlessly converting them into dMSAs.” It’s possible to exploit this migration and elevate privileges in the process. Microsoft is working on a fix, so be on the lookout for one maybe this month.

June Patch Tuesday forecast

• Microsoft continues to crank out the CVE fixes. Expect more of the same this month with the usual operating system, Office, and development tool security updates.
• All the major Adobe Creative Cloud apps were updated last month. Adobe Acrobat and Reader may have a more significant set of security fixes this month.
• Sequoia, Sonoma and Ventura were all updated on May 12th. I don’t expect another update unless a critical issue surfaces.
• Google released Chrome for Desktop 138.0.7204.15 to the Beta channel for Windows, Mac and Linux so expect the GA release next week.
• Mozilla Foundation released Critical security updates for all products on May 27th. I wouldn’t be surprised to see a minor update next week.

Microsoft appears to have fixed the major issues from last Patch Tuesday with all the OOB patches, so I guess the second time is the charm. We’d rather not have a repeat performance this month and expect them to be right from the start.