Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

Today is Microsoft’s June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.

This Patch Tuesday also fixes ten “Critical” vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs.

The number of bugs in each vulnerability category is listed below:

  • 13 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 25 Remote Code Execution Vulnerabilities
  • 17 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

This count does not include Mariner, Microsoft Edge, and Power Automate flaws fixed earlier this month.

To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5060842 and KB5060999 cumulative updates and the Windows 10 KB5060533 cumulative update.

Two zero-days

This month’s Patch Tuesday fixes one actively exploited zero-day and one publicly disclosed vulnerability. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.

The actively exploited zero-day vulnerability in today’s updates is:

CVE-2025-33053 – Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability

Microsoft fixed a remote code execution vulnerability discovered by Check Point Research.

“A remote code execution vulnerability exists in Microsoft Windows Web Distributed Authoring and Versioning. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system,” reads a Check Point Research advisory.

Microsoft’s advisory further states that a user must click on a specially crafted WebDav URL for the flaw to be exploited.

While Microsoft says that the vulnerability has been exploited in attacks, no further details have been shared. BleepingComputer contacted Check Point to learn more about how the flaw was used in attacks.

Microsoft attributes the discovery of this flaw to Alexandra Gofman and David Driker (Check Point Research).

The publicly disclosed zero-day is:

CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability

Microsoft fixes a flaw in Windows SMB that allows attackers to gain SYSTEM privileges on vulnerable devices.

“Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network,” explains Microsoft.

“To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in elevation of privilege,” further explains Microsoft.

Microsoft has not shared how the flaw was publicly disclosed. However, Born City reports that DFN-CERT (Computer Emergency Response Team of the German Research Network) began circulating warnings from RedTeam Pentesting about the flaw this week.

While an update is now available, the flaw can reportedly be mitigated by enforcing server-side SMB signing via Group Policy.
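
One way to audit whether server-side SMB signing is actually enforced, shown as an added example that is not from the original article or from Microsoft. The host names are constructed placeholders, and the script assumes PowerShell remoting is enabled on the hosts being checked.

```powershell
# Added example: audit server-side SMB signing enforcement across a list of hosts.
# Host names are constructed placeholders; replace them with your own inventory.
$Computers = @('FILESRV01.example.test', 'APPSRV02.example.test')

$check = {
    # Registry value behind the Group Policy setting
    # "Microsoft network server: Digitally sign communications (always)".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $reg = (Get-ItemProperty -Path $key -Name RequireSecuritySignature `
                -ErrorAction SilentlyContinue).RequireSecuritySignature

    # Setting as reported by the SMB server configuration cmdlet.
    $cfg = Get-SmbServerConfiguration

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        RegistryValue  = if ($null -eq $reg) { 'not set' } else { $reg }
        RequireSigning = [bool]$cfg.RequireSecuritySignature
        # Enforced only when the SMB server refuses unsigned sessions.
        Enforced       = [bool]$cfg.RequireSecuritySignature
    }
}

$results = foreach ($c in $Computers) {
    try {
        Invoke-Command -ComputerName $c -ScriptBlock $check -ErrorAction Stop
    } catch {
        # Unreachable hosts are reported as not enforced so they are not silently skipped.
        [pscustomobject]@{
            Computer       = $c
            RegistryValue  = 'unreachable'
            RequireSigning = $null
            Enforced       = $false
        }
    }
}

# Full report, non-compliant hosts first.
$results | Sort-Object Enforced, Computer |
    Format-Table Computer, RegistryValue, RequireSigning, Enforced -AutoSize

# Hosts that still need the Group Policy setting applied (or could not be checked).
$results | Where-Object { -not $_.Enforced } | Select-Object -ExpandProperty Computer
```

Enforcing signing can break sessions from legacy clients that cannot sign, so review the non-compliant list before applying the policy broadly.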

Microsoft attributes the discovery of this flaw to multiple researchers, including Keisuke Hirata with CrowdStrike, Synacktiv research with Synacktiv, Stefan Walter with SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw of Google Project Zero.

Recent updates from other companies

Other vendors who released updates or advisories in June 2025 include:

  • Adobe released security updates for InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.
  • Cisco released patches for three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) products.
  • Fortinet released security updates for an OS command (‘OS Command Injection’) vulnerability in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData products.
  • Google’s June 2025 security updates for Android fix numerous vulnerabilities. Google also fixed an actively exploited Google Chrome zero-day flaw.
  • Hewlett Packard Enterprise (HPE) issued security updates to fix eight vulnerabilities impacting StoreOnce.
  • Ivanti released security updates to fix three high-severity hardcoded key vulnerabilities in Workspace Control (IWC).
  • Qualcomm released security updates for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that are exploited in targeted attacks.
  • Roundcube released security updates for a critical remote code execution (RCE) flaw with a public exploit that is now exploited in attacks.
  • SAP releases security updates for multiple products, including a critical missing authorization check in SAP NetWeaver Application Server for ABAP.

The June 2025 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities in the June 2025 Patch Tuesday updates.

To access the full description of each vulnerability and the systems it affects, you can view the full report here.

Tag | CVE ID | CVE Title | Severity
.NET and Visual Studio | CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Vital
App Control for Business (WDAC) | CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Vital
Microsoft AutoUpdate (MAU) | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Vital
Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Vital
Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Vital
Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Vital
Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Vital
Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Vital
Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Vital
Microsoft Office Excel | CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Vital
Microsoft Office Excel | CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Vital
Microsoft Office Outlook | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Vital
Microsoft Office Outlook | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Vital
Microsoft Office PowerPoint | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Vital
Microsoft Office SharePoint | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Vital
Microsoft Office SharePoint | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Vital
Microsoft Office SharePoint | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Vital
Microsoft Office Word | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Vital
Microsoft Office Word | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Vital
Microsoft Office Word | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Vital
Microsoft Office Word | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Vital
Nuance Digital Engagement Platform | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Vital
Remote Desktop Client | CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Vital
Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Vital
WebDAV | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Vital
Windows Common Log File System Driver | CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Vital
Windows Cryptographic Services | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Vital
Windows DHCP Server | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Vital
Windows DHCP Server | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Vital
Windows DWM Core Library | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Vital
Windows Hello | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Vital
Windows Installer | CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Vital
Windows Installer | CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Vital
Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Vital
Windows Kernel | CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Vital
Windows Local Security Authority (LSA) | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Vital
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Vital
Windows Media | CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Vital
Windows Netlogon | CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Vital
Windows Recovery Driver | CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Vital
Windows Remote Access Connection Manager | CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Vital
Windows Remote Desktop Services | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Vital
Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Vital
Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Vital
Windows SDK | CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Vital
Windows Secure Boot | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Vital
Windows Security App | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Vital
Windows Shell | CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Vital
Windows SMB | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Vital
Windows SMB | CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Vital
Windows Standards-Based Storage Management Service | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Management Provider | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Vital
Windows Storage Port Driver | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Vital
Windows Win32K – GRFX | CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Vital