Microsoft’s June 2025 Patch Tuesday
Active Zero-Day Exploitation Highlights Urgent Need for Microsoft’s Latest Security Updates – Advanced Threat Groups Exploit Windows Vulnerabilities Fixed
Microsoft’s June 2025 Patch Tuesday: Critical Zero-Day and 66 Security Vulnerabilities Addressed
Microsoft released its June 2025 Patch Tuesday security updates on June 10, 2025, addressing a total of 66 vulnerabilities across its software ecosystem. This month’s updates include fixes for 10 critical vulnerabilities and two zero-day flaws, one of which has been actively exploited in the wild by advanced persistent threat groups. The patches cover a wide range of products including Windows, Microsoft Office, .NET, Visual Studio, and more.
Key Vulnerabilities Addressed
CVE-2025-33053: WebDAV Zero-Day Vulnerability (Actively Exploited)
The most significant vulnerability patched this month is CVE-2025-33053, a remote code execution flaw in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) implementation. This vulnerability has been assigned a CVSS score of 8.8 and was actively exploited by the Stealth Falcon APT group before the patch was released. The flaw allows attackers to execute arbitrary code by manipulating file names or paths within WebDAV through specially crafted URLs or files. Security researchers at Check Point Research discovered this vulnerability and provided evidence of its active exploitation targeting a Turkish defense company in March 2025.
CVE-2025-33073: Windows SMB Client Elevation of Privilege (Publicly Disclosed)
This elevation of privilege vulnerability affects the Windows Server Message Block (SMB) client and carries a CVSS score of 8.8. The flaw was publicly disclosed by security researchers at RedTeam Pentesting GmbH before Microsoft released a patch. Successful exploitation requires an attacker to execute a crafted script to force a target device to connect to an attacker-controlled machine using SMB credentials, potentially allowing the attacker to elevate their privileges to SYSTEM level.
Critical Microsoft Office Vulnerabilities
Microsoft patched multiple critical remote code execution vulnerabilities in Office applications, including CVE-2025-47162, CVE-2025-47164, and CVE-2025-47167. These vulnerabilities have CVSS scores of 8.4 and were discovered by security researcher 0x140ce. Notably, these flaws can be exploited through the Preview Pane, meaning simply viewing a malicious file in Outlook or other Office applications could trigger code execution without user interaction.
Additional Critical Vulnerabilities
Other notable vulnerabilities include CVE-2025-33070 (Windows Netlogon elevation of privilege), CVE-2025-33071 (Windows Kerberos KDC proxy service remote code execution), and CVE-2025-32713 (Windows Common Log File System Driver elevation of privilege). Their CVSS scores range from 7.8 to 8.1, and they could allow attackers to gain domain administrator privileges or execute arbitrary code.
Vulnerability Breakdown by Category
The June 2025 Patch Tuesday addresses vulnerabilities across multiple categories:
- Remote Code Execution: 25 vulnerabilities (38.5%)
- Information Disclosure: 17 vulnerabilities (26.2%)
- Elevation of Privilege: 13 vulnerabilities
- Denial of Service: 6 vulnerabilities
- Security Feature Bypass: 3 vulnerabilities
- Spoofing: 2 vulnerabilities
CVE | Title | Severity | CVSS | Public | Exploited | Type |
CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | RCE |
CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability | Important | 8.8 | Yes | No | EoP |
CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE |
CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE |
CVE-2025-47966 | Power Automate Elevation of Privilege Vulnerability | Critical | 9.8 | No | No | EoP |
CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability | Critical | 8.1 | No | No | EoP |
CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical | 8.1 | No | No | RCE |
CVE-2025-30399 | .NET and Visual Studio Remote Code Execution Vulnerability | Important | 7.5 | No | No | RCE |
CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Important | 6.7 | No | No | SFB |
CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2025-47968 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-47165 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47174 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 6.7 | No | No | RCE |
CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE |
CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important | 8.4 | No | No | RCE |
CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important | 7.6 | No | No | Spoofing |
CVE-2025-32715 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | 6.5 | No | No | Info |
CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important | 7.1 | No | No | RCE |
CVE-2025-32712 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33069 | Windows App Control for Business Security Feature Bypass Vulnerability | Important | 5.1 | No | No | SFB |
CVE-2025-32713 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-32714 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33075 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service Vulnerability | Important | 6.5 | No | No | DoS |
CVE-2025-32716 | Windows Media Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-32721 | Windows Recovery Driver Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP |
CVE-2025-47955 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE |
CVE-2025-47962 | Windows SDK Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing |
CVE-2025-47160 | Windows Shortcut Files Security Feature Bypass Vulnerability | Important | 5.4 | No | No | SFB |
CVE-2025-32718 | Windows SMB Client Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP |
CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important | 7.5 | No | No | DoS |
CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | Info |
CVE-2025-33067 | Windows Task Scheduler Elevation of Privilege Vulnerability | Important | 8.4 | No | No | EoP |
CVE-2025-5068 * | Chromium: CVE-2025-5068 Use after free in Blink | Medium | N/A | No | No | RCE |
Impact and Exploitation Risk
Microsoft has assessed several of these vulnerabilities as “Exploitation More Likely,” particularly the Office Preview Pane vulnerabilities and the Windows Netlogon flaw. The active exploitation of CVE-2025-33053 by the Stealth Falcon APT group demonstrates the immediate threat these vulnerabilities pose to organizations worldwide. The group has a history of targeting government and government-adjacent entities across the Middle East using sophisticated techniques including zero-day exploits.
Mitigation and Recommendations
Organizations should prioritize patching systems exposed to the internet, particularly those running WebDAV or SMB services. For systems that cannot be immediately patched, Microsoft recommends enforcing server-side SMB signing for Windows clients and servers as a temporary mitigation for CVE-2025-33073. The WebDAV vulnerability (CVE-2025-33053) has been added to CISA’s Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by June 24, 2025.
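The SMB signing mitigation mentioned above can be checked, and optionally enforced, on a single host with the built-in SMB cmdlets. The script below is an added example, not code from Microsoft or the original article; the `-Enforce` switch and the function name `Get-SmbSigningState` are this example's own.

```powershell
# Added example: audit, and optionally enforce, server-side SMB signing
# on the local Windows host. Run from an elevated PowerShell session.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: -Enforce is this script's own switch. Without it, nothing is changed.
    [switch]$Enforce
)

function Get-SmbSigningState {
    # Read the current SMB server and client signing requirements.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ServerRequiresSigning = [bool]$server.RequireSecuritySignature
        ClientRequiresSigning = [bool]$client.RequireSecuritySignature
    }
}

$state = Get-SmbSigningState
$state

if ($state.ServerRequiresSigning) {
    Write-Output "OK: SMB server already requires signing."
    return
}

Write-Warning "SMB server on $($state.ComputerName) accepts unsigned sessions."

if ($Enforce -and $PSCmdlet.ShouldProcess($state.ComputerName, 'Require SMB server signing')) {
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force

    # Re-read the setting: a Group Policy that manages this value can revert it
    # at the next policy refresh, so confirm what is actually in effect.
    $after = Get-SmbSigningState
    if (-not $after.ServerRequiresSigning) {
        throw "Signing is still not required; check Group Policy for a conflicting setting."
    }
    $after
}
```

Run it without `-Enforce` first to see the current state; clients that cannot sign SMB traffic will fail to connect once the server requires signing.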
How CinchOps Can Help
In today’s rapidly evolving threat environment, staying ahead of security vulnerabilities like those addressed in Microsoft’s June 2025 Patch Tuesday requires more than just applying patches. CinchOps provides comprehensive cybersecurity solutions designed to protect your business from both known and emerging threats.
- Proactive Patch Management: Our managed IT support services ensure that critical security updates are deployed promptly and efficiently across your entire infrastructure, preventing vulnerabilities like CVE-2025-33053 from being exploited
- 24/7 Security Monitoring: We monitor for new vulnerabilities around the clock and maintain detailed patch management schedules that prioritize critical fixes based on your specific business requirements and risk profile
- Advanced Threat Detection: Our cybersecurity solutions include threat detection and response capabilities that can identify suspicious activities like those used by the Stealth Falcon APT group in their exploitation of zero-day vulnerabilities
- Comprehensive Network Protection: CinchOps offers complete cybersecurity solutions that continuously monitor your network for signs of compromise and respond immediately to potential threats before they can cause damage to your business operations
- Expert Security Guidance: Our security experts provide ongoing consultation and recommendations to help your organization maintain a strong security posture against evolving cyber threats
With CinchOps as your managed services provider, you won’t have to worry about missing crucial security updates that could leave your systems vulnerable to attack.
Discover More 
Discover more about our enterprise-grade, business-protecting cybersecurity services: CinchOps Cybersecurity
Discover related topics: Patching Vulnerabilities Faster: The Key to Reducing Cyber Risk
For Additional Information on this topic: Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’