Microsoft has rolled out a massive set of security updates for the June Patch Tuesday, fixing a total of 66 security vulnerabilities in its products, including one known zero-day issue.
This month’s wave of Patch Tuesday updates serves as a critical reminder of the importance of immediate patching, with fixes for one actively exploited zero-day vulnerability and nine other critical issues.
The actively exploited zero-day, tracked as CVE-2025-33053, impacts Web Distributed Authoring and Versioning (WebDAV) and could lead to remote code execution without authentication, simply by getting a user to click on a malicious link.
This “Important”-rated vulnerability, with a Common Vulnerability Scoring System (CVSS) score of 8.8, is a fairly high risk, especially if you have an internet-facing WebDAV server. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog and is urging federal agencies to fix it by July 1, 2025.
There are nine critical vulnerabilities in total that you will want to watch for. Some of the most concerning, because of the outsized impact they could have on the victim, are:
Microsoft Office Remote Code Execution (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167, CVE-2025-47953): These types of vulnerabilities enable an attacker to remotely run code on your machine without any user interaction, typically through local attacks.
Windows Remote Desktop Services Remote Code Execution (CVE-2025-32710): An attacker could exploit this issue to remotely execute arbitrary code without authentication.
Windows Cryptographic Services (Schannel) Remote Code Execution (CVE-2025-29828): An unauthenticated remote attacker could exploit a memory condition in the Transport Layer Security (TLS) implementation in Schannel to remotely execute code.
Windows Netlogon Elevation of Privilege (CVE-2025-33070) and Power Automate Elevation of Privilege (CVE-2025-47966): These could allow an attacker to elevate privileges on the network.
Noteworthy fixes also include an elevation of privilege vulnerability in Windows SMB Client (CVE-2025-33073), which was publicly disclosed with proof-of-concept code. The June 2025 updates address products including Windows and Windows components, Microsoft Office versions, .NET and Visual Studio, along with Windows Cryptographic Services.
Microsoft recommends that all users and administrators install these updates immediately to protect their systems against potential threats and avoid exploitation of their networks.