Microsoft June 2025 Patch Tuesday Fixes Critical Windows Flaws

Editorial Team 12th June 2025

2,655 3 minutes read

Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities

Microsoft has released its June 2025 Patch Tuesday security update, addressing a total of 66 vulnerabilities across its Windows operating systems and related products. This latest update cycle is notable for including fixes for two significant zero-day vulnerabilities, one of which is actively being exploited in the wild, as well as 10 critical flaws that pose significant risks to users and organizations.

The June 2025 Patch Tuesday encompasses a wide range of Microsoft products, with the majority of patches targeting various versions of Windows, including Windows 10, Windows 11, and supported server editions. Security updates have also been deployed for Microsoft Office, Power Automate, SharePoint, and several other platforms within the Microsoft ecosystem.

Of the 66 vulnerabilities addressed in this release, the breakdown by category is as follows: 13 elevation-of-privilege vulnerabilities, three security feature bypass flaws, 25 remote code execution vulnerabilities, 17 information disclosure vulnerabilities, six denial of service vulnerabilities, and two spoofing vulnerabilities. Notably, eight of the remote code execution vulnerabilities and two elevation-of-privilege bugs have been rated as critical, reflecting the potential for attackers to exploit these flaws for substantial impact.

The most urgent of the patched vulnerabilities is CVE-2025-33053, a remote code execution flaw affecting Microsoft Windows Web Distributed Authoring and Versioning (WebDAV). This vulnerability has already been exploited in targeted attacks and represents a significant security risk. Attackers can take advantage of this flaw if a user clicks on a specially crafted WebDAV URL, potentially allowing for arbitrary code execution on the affected system. The flaw, discovered by security researchers and tracked since at least March 2025, has been used by threat actors leveraging legitimate Windows tools and manipulating working directories to execute malicious files from compromised WebDAV servers.

In addition to CVE-2025-33053, Microsoft has addressed another zero-day vulnerability, CVE-2025-33073, involving the Windows Server Message Block (SMB) client. This elevation-of-privilege flaw, which was publicly disclosed prior to the release of a patch, enables attackers to gain SYSTEM privileges on vulnerable devices. By executing a specially crafted malicious script, an attacker could coerce a target machine into connecting to a malicious SMB server, thereby gaining elevated access and potentially compromising sensitive information or system functionality.

Microsoft has acknowledged the increasing sophistication of attack methods targeting both legacy and modern components of Windows. For example, CVE-2025-33053 exploits legacy components such as MSHTML, which remain present in all supported versions of Windows due to ongoing compatibility requirements. Despite the migration to newer operating systems, some applications still depend on these older components, perpetuating exposure to such threats.

The June 2025 update also includes fixes for critical vulnerabilities in additional Windows subsystems and Microsoft products. Among these is CVE-2025-33071, a remote code execution flaw in the Windows Kerberos Key Distribution Center Proxy Service (KPSSVC). If exploited, this vulnerability could allow an attacker to execute malicious code on targeted systems, though Microsoft notes that domain controllers are generally not affected. Another critical remote code execution flaw, CVE-2025-29828, impacts Windows Schannel, a component responsible for handling TLS connections. An attacker could exploit this by sending a flood of specially crafted “Hello” messages to a vulnerable server, potentially disrupting secure communications and compromising system integrity.

Windows Netlogon is affected by CVE-2025-33070, an elevation-of-privilege vulnerability that could enable an attacker to obtain domain administrator privileges by sending crafted logon requests to a domain controller. Microsoft has assessed this vulnerability as highly likely to be exploited, highlighting the ongoing risks associated with authentication and identity management in enterprise environments.

The security update further addresses vulnerabilities in Microsoft Office, including five critical remote code execution flaws affecting components such as SharePoint, Excel, and Outlook. In several cases, vulnerabilities can be triggered simply by displaying a malicious file in the preview window, eliminating the need for the user to open or interact with the file directly. This heightens the potential risk of exploitation through common business workflows and email-based attacks.

Microsoft Power Automate, formerly known as Microsoft Flow, was also subject to a critical elevation-of-privilege vulnerability, CVE-2025-47966. The company has issued a fix to mitigate risks associated with automation workflows in cloud environments.

Beyond Microsoft’s ecosystem, the June 2025 Patch Tuesday coincided with the release of critical security updates by other major technology vendors. Adobe, Cisco, Fortinet, Google, Hewlett Packard Enterprise, Ivanti, Qualcomm, Roundcube, and SAP have all issued patches this month for high- and critical-severity vulnerabilities affecting their respective products. Some of these flaws, including zero-day vulnerabilities in Google Chrome and Qualcomm’s Adreno GPU drivers, have also been exploited in targeted attacks.

The current update is particularly crucial given the impending end of support for Windows 10, scheduled for October 2025. Users and organizations relying on outdated Windows versions, such as Windows 7 and 8.1, remain exposed to unpatched vulnerabilities as these platforms no longer receive security updates. Microsoft strongly advises upgrading to Windows 11 24H2 or later to maintain security coverage and minimize exposure to evolving threats.

For the majority of users, Microsoft’s security updates are delivered automatically via the Windows Update service. However, it remains essential for individuals and IT administrators to verify that updates have been installed promptly to reduce the window of vulnerability. This can be accomplished by navigating to the Windows Update section in system settings and manually checking for updates if necessary.