Microsoft Patch Tuesday June 2025
Microsoft has released its monthly Patch Tuesday updates, addressing a total of 66 vulnerabilities in its product suite. This release includes a remediation for one zero-day vulnerability that is currently being actively exploited, as well as another vulnerability that has been publicly disclosed.
The June 2025 security release represents a significant update, featuring 10 critical vulnerabilities that require immediate attention from IT administrators worldwide.
The June 2025 Patch Tuesday addresses vulnerabilities across multiple categories:
.png
"Microsoft Patch Tuesday June 2025 2")
- 25 Remote Code Execution vulnerabilities
- 13 Elevation of Privilege vulnerabilities
- 17 Information Disclosure vulnerabilities
- 6 Denial of Service vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
Zero-Day Vulnerability Under Attack
The most concerning vulnerability in this month’s release is CVE-2025-33053, a remote code execution flaw in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) service.
Security researchers from Check Point Research discovered this vulnerability being actively exploited by the Stealth Falcon advanced persistent threat (APT) group in targeted attacks against defense organizations.
The WebDAV vulnerability allows remote attackers to execute arbitrary code on affected systems when users click on specially crafted WebDAV URLs.
Check Point’s investigation revealed that Stealth Falcon used malicious .url files to exploit this zero-day, manipulating the working directory of legitimate Windows tools to execute malware from actor-controlled WebDAV servers.
A second zero-day vulnerability, CVE-2025-33073, was not actively exploited, yet it affects Windows SMB Client and enables elevation of privilege attacks over networks. This publicly disclosed flaw allows authorized attackers to gain SYSTEM privileges by executing specially crafted scripts that coerce victim machines to authenticate via SMB.
German security firm RedTeam Pentesting originally discovered this vulnerability, with warnings circulating through DFN-CERT before Microsoft’s official patch.
Microsoft Office applications received significant attention with multiple critical remote code execution fixes, including heap-based buffer overflow vulnerabilities that could enable local code execution without user interaction. SharePoint Server also received critical patches for remote code execution flaws that could compromise enterprise collaboration environments.
Several core Windows components received critical security updates, including the Windows KDC Proxy Service (KPSSVC) which had a use-after-free vulnerability enabling network-based code execution.
The Windows Netlogon service received a critical elevation of privilege fix, while Windows Remote Desktop Services addressed a critical remote code execution vulnerability.
The Schannel component, responsible for secure communications, received a critical remote code execution patch affecting Windows cryptographic services. These fixes are particularly important for organizations running Windows Server environments and remote access solutions.
Security experts recommend prioritizing the installation of these updates, especially for the two zero-day vulnerabilities. The WebDAV zero-day (CVE-2025-33053) poses an immediate risk to organizations with internet-facing systems, while the SMB vulnerability (CVE-2025-33073) threatens internal network security.
Microsoft Patch Tuesday June 2025 List
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Windows Cryptographic Services | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical |
| Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Windows Netlogon | CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Critical |
| Windows Remote Desktop Services | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| .NET and Visual Studio | CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
| App Control for Business (WDAC) | CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Important |
| Microsoft AutoUpdate (MAU) | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
| Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Nuance Digital Engagement Platform | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important |
| Remote Desktop Client | CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
| Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important |
| WebDAV | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows DHCP Server | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows DWM Core Library | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows Hello | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Important |
| Windows Installer | CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
| Windows Local Security Authority (LSA) | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
| Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows Media | CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Important |
| Windows Recovery Driver | CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
| Windows SDK | CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Secure Boot Bypass | Important |
| Windows Security App | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important |
| Windows Shell | CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Important |
| Windows SMB | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows SMB | CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows Standards-Based Storage Management Service | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Management Provider | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows Storage Port Driver | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Important |
This table is sorted with Critical severity vulnerabilities listed first, followed by Important severity vulnerabilities, as requested.
Microsoft has indicated that proof-of-concept exploits could be rapidly developed by analyzing the published security updates, making swift deployment critical. Organizations should prioritize patching internet-facing systems and domain-joined machines first, while implementing network segmentation as an additional defensive measure.
The June 2025 Patch Tuesday represents one of the more significant monthly releases, combining actively exploited threats with comprehensive fixes across Microsoft’s enterprise and consumer product lines.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
Source link
