Today is Microsoft’s June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.
This Patch Tuesday also fixes ten “Critical” vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs.
The number of bugs in each vulnerability category is listed below:
- 13 Elevation of Privilege Vulnerabilities
- 3 Security Feature Bypass Vulnerabilities
- 25 Remote Code Execution Vulnerabilities
- 17 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 2 Spoofing Vulnerabilities
This count does not include Mariner, Microsoft Edge, and Power Automate flaws fixed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5060842 and KB5060999 cumulative updates and the Windows 10 KB5060533 cumulative update.
Two zero-days
This month’s Patch Tuesday fixes one actively exploited zero-day and one publicly disclosed vulnerability. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited while no official fix is available.
The actively exploited zero-day vulnerability in today’s updates is:
CVE-2025-33053 – Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
Microsoft fixed a remote code execution vulnerability discovered by Check Point Research.
“A remote code execution vulnerability exists in Microsoft Windows Web Distributed Authoring and Versioning. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system,” reads a Check Point Research advisory.
Microsoft’s advisory further states that a user must click on a specially crafted WebDav URL for the flaw to be exploited.
A new report by Check Point Research explains that CVE-2025-33053 was exploited in zero-day attacks by an APT group named “Stealth Falcon”.
“In March 2025, Check Point Research identified an attempted cyberattack against a defense company in Turkey,” explained Check Point.
“The threat actors used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled, by manipulating the working directory of a legitimate built-in Windows tool.”
“Following responsible disclosure, Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their June Patch Tuesday updates.”
Microsoft attributes the discovery of this flaw to Alexandra Gofman and David Driker (Check Point Research).
The publicly disclosed zero-day is:
CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability
Microsoft fixes a flaw in Windows SMB that allows attackers to gain SYSTEM privileges on vulnerable devices.
“Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network,” explains Microsoft.
“To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in elevation of privilege,” further explains Microsoft.
Microsoft has not shared how the flaw was publicly disclosed. However, Born City reports that DFN-CERT (Computer Emergency Response Team of the German Research Network) began circulating warnings from RedTeam Pentesting about the flaw this week.
While an update is now available, the flaw can reportedly be mitigated by enforcing server-side SMB signing via Group Policy.
Microsoft attributes the discovery of this flaw to multiple researchers, including Keisuke Hirata with CrowdStrike, Synacktiv research with Synacktiv, Stefan Walter with SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw of Google Project Zero.
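To check whether the server-side SMB signing mitigation mentioned above is in effect on a given Windows host, the following PowerShell is an added example, not code from the article or from Microsoft's advisory. The function name and the `-Enforce` switch are hypothetical; the cmdlets and the registry value are the standard ones behind the "Microsoft network server: Digitally sign communications (always)" policy setting.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit, and optionally enforce,
# server-side SMB signing on the local Windows host.
function Test-SmbServerSigning {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical switch name: turn the requirement on if it is off.
        [switch]$Enforce
    )

    # Registry value written by the Group Policy security option.
    $regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $required = (Get-SmbServerConfiguration).RequireSecuritySignature

    if (-not $required -and $Enforce -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB server signing')) {
        # Local change only; a domain GPO with a different value will
        # overwrite it at the next policy refresh.
        Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
        $required = (Get-SmbServerConfiguration).RequireSecuritySignature
    }

    $reg = Get-ItemProperty -Path $regPath -Name RequireSecuritySignature `
        -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        SigningRequired = [bool]$required
        # $null means the value is absent and the OS default applies.
        RegistryValue   = if ($reg) { $reg.RequireSecuritySignature } else { $null }
    }
}

# Report only; add -Enforce (optionally with -WhatIf) to change the setting.
Test-SmbServerSigning
```

For fleet-wide enforcement, set the policy in a domain GPO and use a report like this one to confirm that hosts have picked it up.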
Recent updates from other companies
Other vendors who released updates or advisories in June 2025 include:
- Adobe released security updates for InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.
- Cisco released patches for 3 vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) products.
- Fortinet released security updates for an OS command (‘OS Command Injection’) vulnerability in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData products.
- Google’s June 2025 security updates for Android fix numerous vulnerabilities. Google also fixed an actively exploited Google Chrome zero-day flaw.
- Hewlett Packard Enterprise (HPE) issued security updates to fix eight vulnerabilities impacting StoreOnce,
- Ivanti released security updates to fix three high-severity hardcoded key vulnerabilities in Workspace Control (IWC).
- Qualcomm released security updates for 3 zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that are exploited in targeted attacks.
- Roundcube released security updates for a critical remote code execution (RCE) flaw with a public exploit that is now exploited in attacks.
- SAP releases security updates for multiple products, including a critical missing authorization check in SAP NetWeaver Application Server for ABAP.
The June 2025 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities in the June 2025 Patch Tuesday updates.
To access the full description of each vulnerability and the systems it affects, you can view the full report here.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
.NET and Visual Studio | CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Important |
App Control for Business (WDAC) | CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Important |
Microsoft AutoUpdate (MAU) | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important |
Microsoft Local Security Authority Server (lsasrv) | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical |
Microsoft Office Excel | CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Excel | CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office Outlook | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
Microsoft Office PowerPoint | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office Word | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important |
Nuance Digital Engagement Platform | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important |
Remote Desktop Client | CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important |
Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important |
WebDAV | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Important |
Windows Common Log File System Driver | CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Windows Cryptographic Services | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical |
Windows DHCP Server | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DHCP Server | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important |
Windows DWM Core Library | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
Windows Hello | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Important |
Windows Installer | CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows KDC Proxy Service (KPSSVC) | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important |
Windows Local Security Authority (LSA) | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important |
Windows Local Security Authority Subsystem Service (LSASS) | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
Windows Media | CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Important |
Windows Netlogon | CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Critical |
Windows Recovery Driver | CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Important |
Windows Remote Access Connection Manager | CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
Windows Remote Desktop Services | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows Routing and Remote Access Service (RRAS) | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important |
Windows SDK | CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Important |
Windows Secure Boot | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Important |
Windows Security App | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important |
Windows Shell | CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Important |
Windows SMB | CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
Windows SMB | CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
Windows Standards-Based Storage Management Service | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Management Provider | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
Windows Storage Port Driver | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
Windows Win32K – GRFX | CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Important |