HomeCyber SecurityMicrosoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Cyber Security

Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

By Jules Jackson
0
12
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws


Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws

Right now is Microsoft’s June 2025 Patch Tuesday, which incorporates safety updates for 66 flaws, together with one actively exploited vulnerability and one other that was publicly disclosed.

This Patch Tuesday additionally fixes ten “Essential” vulnerabilities, eight being distant code execution vulnerabilities and two being elevation of privileges bugs.

The variety of bugs in every vulnerability class is listed under:

  • 13 Elevation of Privilege Vulnerabilities

  • 3 Safety Characteristic Bypass Vulnerabilities

  • 25 Distant Code Execution Vulnerabilities

  • 17 Data Disclosure Vulnerabilities

  • 6 Denial of Service Vulnerabilities

  • 2 Spoofing Vulnerabilities

This depend doesn’t embrace Mariner, Microsoft Edge, and Energy Automate flaws mounted earlier this month.

To be taught extra in regards to the non-security updates launched at present, you possibly can overview our devoted articles on the Home windows 11 KB5060842 and KB5060999 cumulative updates and the Home windows 10 KB5060533 cumulative replace.

Two zero-days

This month’s Patch Tuesday fixes one actively exploited zero-day and one publicly disclosed vulnerability. Microsoft classifies a zero-day flaw as publicly disclosed or actively exploited whereas no official repair is accessible.

The actively exploited zero-day vulnerability in at present’s updates is:

CVE-2025-33053 – Internet Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability

Microsoft mounted a distant code execution vulnerability found by Test Level Analysis

“A distant code execution vulnerability exists in Microsoft Home windows Internet Distributed Authoring and Versioning. Profitable exploitation of this vulnerability might enable a distant attacker to execute arbitrary code on the affected system,” reads a Test Level Analysis advisory.

Microsoft’s advisory additional states {that a} consumer should click on on a specifically crafted WebDav URL for the flaw to be exploited.

A brand new report by Test Level Analysis explains that CVE-2025-33053 was exploited in zero-day assaults by an APT group named “Stealth Falcon”.

“In March 2025, Test Level Analysis recognized an tried cyberattack in opposition to a protection firm in Turkey,” defined Test Level.

“The risk actors used a beforehand undisclosed approach to execute recordsdata hosted on a WebDAV server they managed, by manipulating the working listing of a official built-in Home windows software.”

“Following accountable disclosure, Microsoft assigned the vulnerability CVE-2025-33053 and launched a patch on June 10, 2025, as a part of their June Patch Tuesday updates.”

Microsoft attributes the invention of this flaw to Alexandra Gofman and David Driker (Test Level Analysis).

The publicly disclosed zero-day is:

CVE-2025-33073 – Home windows SMB Consumer Elevation of Privilege Vulnerability

Microsoft fixes a flaw in Home windows SMB that enables attackers to achieve SYSTEM privileges on weak units.

“Improper entry management in Home windows SMB permits a licensed attacker to raise privileges over a community,” explains Microsoft.

“To use this vulnerability, an attacker might execute a specifically crafted malicious script to coerce the sufferer machine to attach again to the assault system utilizing SMB and authenticate. This might end in elevation of privilege,” additional explains Microsoft.

Microsoft has not shared how the flaw was publicly disclosed. Nonetheless, Born Metropolis reviews that DFN-CERT (Laptop Emergency Response Group of the German Analysis Community) started circulating warnings from RedTeam Pentesting in regards to the flaw this week.

Whereas an replace is now out there, the flaw can reportedly be mitigated by imposing server-side SMB signing through Group Coverage.

Microsoft attributes the invention of this flaw to a number of researchers, together with Keisuke Hirata with CrowdStrike, Synacktiv analysis with Synacktiv, Stefan Walter with SySS GmbH, RedTeam Pentesting GmbH, and James Forshaw of Google Challenge Zero.

Current updates from different corporations

Different distributors who launched updates or advisories in June 2025 embrace:

  • Adobe launched safety updates for InCopy, Expertise Supervisor, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.

  • Cisco launched patches for 3 vulnerabilities with public exploit code in its Id Companies Engine (ISE) and Buyer Collaboration Platform (CCP) merchandise.

  • Fortinet launched safety updates for an OS command (‘OS Command Injection’) vulnerability in FortiManager, FortiAnalyzer & FortiAnalyzer-BigData merchandise.

  • Google’s June 2025 safety updates for Android repair quite a few vulnerabilities. Google additionally mounted an actively exploited Google Chrome zero-day flaw.

  • Hewlett Packard Enterprise (HPE) issued safety updates to repair eight vulnerabilities impacting StoreOnce,

  • Ivanti launched safety updates to repair three high-severity hardcoded key vulnerabilities in Workspace Management (IWC).

  • Qualcomm launched safety updates for 3 zero-day vulnerabilities within the Adreno Graphics Processing Unit (GPU) driver which might be exploited in focused assaults.

  • Roundcube launched safety updates for a crucial distant code execution (RCE) flaw with a public exploit that’s now exploited in assaults.

  • SAP releases safety updates for a number of merchandise, together with a crucial lacking authorization test in SAP NetWeaver Software Server for ABAP.

The June 2025 Patch Tuesday Safety Updates

Beneath is the whole record of resolved vulnerabilities within the June 2025 Patch Tuesday updates.

To entry the complete description of every vulnerability and the programs it impacts, you possibly can view the full report right here.




































































Tag CVE ID CVE Title Severity
.NET and Visible Studio CVE-2025-30399 .NET and Visible Studio Distant Code Execution Vulnerability Essential
App Management for Enterprise (WDAC) CVE-2025-33069 Home windows App Management for Enterprise Safety Characteristic Bypass Vulnerability Essential
Microsoft AutoUpdate (MAU) CVE-2025-47968 Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability Essential
Microsoft Native Safety Authority Server (lsasrv) CVE-2025-33056 Home windows Native Safety Authority (LSA) Denial of Service Vulnerability Essential
Microsoft Workplace CVE-2025-47164 Microsoft Workplace Distant Code Execution Vulnerability Essential
Microsoft Workplace CVE-2025-47167 Microsoft Workplace Distant Code Execution Vulnerability Essential
Microsoft Workplace CVE-2025-47162 Microsoft Workplace Distant Code Execution Vulnerability Essential
Microsoft Workplace CVE-2025-47173 Microsoft Workplace Distant Code Execution Vulnerability Essential
Microsoft Workplace CVE-2025-47953 Microsoft Workplace Distant Code Execution Vulnerability Essential
Microsoft Workplace Excel CVE-2025-47165 Microsoft Excel Distant Code Execution Vulnerability Essential
Microsoft Workplace Excel CVE-2025-47174 Microsoft Excel Distant Code Execution Vulnerability Essential
Microsoft Workplace Outlook CVE-2025-47171 Microsoft Outlook Distant Code Execution Vulnerability Essential
Microsoft Workplace Outlook CVE-2025-47176 Microsoft Outlook Distant Code Execution Vulnerability Essential
Microsoft Workplace PowerPoint CVE-2025-47175 Microsoft PowerPoint Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2025-47172 Microsoft SharePoint Server Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2025-47166 Microsoft SharePoint Server Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2025-47163 Microsoft SharePoint Server Distant Code Execution Vulnerability Essential
Microsoft Workplace Phrase CVE-2025-47170 Microsoft Phrase Distant Code Execution Vulnerability Essential
Microsoft Workplace Phrase CVE-2025-47957 Microsoft Phrase Distant Code Execution Vulnerability Essential
Microsoft Workplace Phrase CVE-2025-47169 Microsoft Phrase Distant Code Execution Vulnerability Essential
Microsoft Workplace Phrase CVE-2025-47168 Microsoft Phrase Distant Code Execution Vulnerability Essential
Nuance Digital Engagement Platform CVE-2025-47977 Nuance Digital Engagement Platform Spoofing Vulnerability Essential
Distant Desktop Consumer CVE-2025-32715 Distant Desktop Protocol Consumer Data Disclosure Vulnerability Essential
Visible Studio CVE-2025-47959 Visible Studio Distant Code Execution Vulnerability Essential
WebDAV CVE-2025-33053 Internet Distributed Authoring and Versioning (WEBDAV) Distant Code Execution Vulnerability Essential
Home windows Frequent Log File System Driver CVE-2025-32713 Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability Essential
Home windows Cryptographic Companies CVE-2025-29828 Home windows Schannel Distant Code Execution Vulnerability Essential
Home windows DHCP Server CVE-2025-33050 DHCP Server Service Denial of Service Vulnerability Essential
Home windows DHCP Server CVE-2025-32725 DHCP Server Service Denial of Service Vulnerability Essential
Home windows DWM Core Library CVE-2025-33052 Home windows DWM Core Library Data Disclosure Vulnerability Essential
Home windows Howdy CVE-2025-47969 Home windows Virtualization-Primarily based Safety (VBS) Data Disclosure Vulnerability Essential
Home windows Installer CVE-2025-33075 Home windows Installer Elevation of Privilege Vulnerability Essential
Home windows Installer CVE-2025-32714 Home windows Installer Elevation of Privilege Vulnerability Essential
Home windows KDC Proxy Service (KPSSVC) CVE-2025-33071 Home windows KDC Proxy Service (KPSSVC) Distant Code Execution Vulnerability Essential
Home windows Kernel CVE-2025-33067 Home windows Job Scheduler Elevation of Privilege Vulnerability Essential
Home windows Native Safety Authority (LSA) CVE-2025-33057 Home windows Native Safety Authority (LSA) Denial of Service Vulnerability Essential
Home windows Native Safety Authority Subsystem Service (LSASS) CVE-2025-32724 Native Safety Authority Subsystem Service (LSASS) Denial of Service Vulnerability Essential
Home windows Media CVE-2025-32716 Home windows Media Elevation of Privilege Vulnerability Essential
Home windows Netlogon CVE-2025-33070 Home windows Netlogon Elevation of Privilege Vulnerability Essential
Home windows Restoration Driver CVE-2025-32721 Home windows Restoration Driver Elevation of Privilege Vulnerability Essential
Home windows Distant Entry Connection Supervisor CVE-2025-47955 Home windows Distant Entry Connection Supervisor Elevation of Privilege Vulnerability Essential
Home windows Distant Desktop Companies CVE-2025-32710 Home windows Distant Desktop Companies Distant Code Execution Vulnerability Essential
Home windows Routing and Distant Entry Service (RRAS) CVE-2025-33064 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Essential
Home windows Routing and Distant Entry Service (RRAS) CVE-2025-33066 Home windows Routing and Distant Entry Service (RRAS) Distant Code Execution Vulnerability Essential
Home windows SDK CVE-2025-47962 Home windows SDK Elevation of Privilege Vulnerability Essential
Home windows Safe Boot CVE-2025-3052 Cert CC: CVE-2025-3052 InsydeH2O Safe Boot Bypass Essential
Home windows Safety App CVE-2025-47956 Home windows Safety App Spoofing Vulnerability Essential
Home windows Shell CVE-2025-47160 Home windows Shortcut Information Safety Characteristic Bypass Vulnerability Essential
Home windows SMB CVE-2025-33073 Home windows SMB Consumer Elevation of Privilege Vulnerability Essential
Home windows SMB CVE-2025-32718 Home windows SMB Consumer Elevation of Privilege Vulnerability Essential
Home windows Requirements-Primarily based Storage Administration Service CVE-2025-33068 Home windows Requirements-Primarily based Storage Administration Service Denial of Service Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-32719 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-24065 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-24068 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33055 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-24069 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33060 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33059 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33062 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33061 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33058 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-32720 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33065 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Administration Supplier CVE-2025-33063 Home windows Storage Administration Supplier Data Disclosure Vulnerability Essential
Home windows Storage Port Driver CVE-2025-32722 Home windows Storage Port Driver Data Disclosure Vulnerability Essential
Home windows Win32K – GRFX CVE-2025-32712 Win32k Elevation of Privilege Vulnerability Essential

Tines Needle

Patching used to imply complicated scripts, lengthy hours, and infinite hearth drills. Not anymore.

On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch quicker, cut back overhead, and give attention to strategic work — no complicated scripts required.

Previous articleProfiling the rising use of AI in public-sector WWTPs
Next articleInside Amsterdam’s high-stakes experiment to create truthful welfare AI
Jules Jacksonhttps://expertlifetips.com
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Load more

Recent Comments

ABOUT US

Expertlifetips is your technology, gadget, and 3D printing website. We provide you with the latest breaking news and videos straight from the technology industry.

POPULAR POSTS

POPULAR CATEGORY

Copyrights 2025 © expertlifetips.com. All rights reserved.