
The June edition of Microsoft’s Patch Tuesday security updates included fixes for 66 vulnerabilities. Among them, one had already been actively exploited in the wild, while another had been publicly disclosed prior to the release of an official patch. Notably, ten vulnerabilities were classified as critical—eight of which allowed for remote code execution, while two involved privilege escalation.
A detailed breakdown by category reveals the following: 13 issues pertained to elevation of privilege, 3 to security feature bypass, 25 to remote code execution, 17 to information disclosure, 6 to denial of service, and 2 to spoofing. This count excludes vulnerabilities addressed earlier in the month in products such as Mariner, Microsoft Edge, and Power Automate.
One of the most severe flaws addressed this month was CVE-2025-33053, affecting the Web Distributed Authoring and Versioning (WEBDAV) component in Windows. This vulnerability allowed remote attackers to execute arbitrary code on a target system if a user followed a specially crafted WebDAV link.
The vulnerability was discovered by the team at Check Point Research, who reported that the attack exploited manipulations within the working directory of a built-in Windows utility. In March 2025, this flaw was used in an attempted cyberattack against a defense contractor in Turkey, allegedly carried out by the APT group Stealth Falcon. Microsoft assigned the identifier CVE-2025-33053 and included it in the June 10, 2025 update rollup. Credit for the discovery was given to Alexandra Gofman and David Driker of Check Point Research.
The second notable vulnerability, CVE-2025-33073, concerns the Windows SMB client and was publicly disclosed prior to patch release. It enables an authenticated attacker to escalate privileges to SYSTEM level through network interaction. The issue lies in improper access control implementation within the SMB protocol, which can allow an attacker to coerce a vulnerable machine into connecting to a malicious server and authenticating against it.
Microsoft did not disclose the source of the initial vulnerability report; however, Born City cited a warning issued by DFN-CERT, which relayed a security advisory from RedTeam Pentesting several days before the official patch was published. A temporary mitigation involves enforcing SMB signing on the server via Group Policy. The vulnerability was identified through collaborative efforts by several researchers, including Keisuke Hirata of CrowdStrike, teams from Synacktiv and RedTeam Pentesting GmbH, Stefan Walter of SySS GmbH, and James Forshaw of Google Project Zero.
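To confirm that the SMB signing mitigation has actually taken effect, a defender can inspect the SecurityMode field a server returns in its SMB2 NEGOTIATE response. The following is an added example, not code from Microsoft or the researchers named above; the host names and the sample responses are constructed, and the input is assumed to be the SMB2 message without the 4-byte transport length prefix.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SIGNING_ENABLED = 0x0001   # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002  # SMB2_NEGOTIATE_SIGNING_REQUIRED


def parse_negotiate_security_mode(msg: bytes) -> dict:
    """Parse an SMB2 NEGOTIATE response and report the signing posture."""
    if len(msg) < 64 + 6:
        raise ValueError("too short for SMB2 header + negotiate fields")
    magic, hdr_size = struct.unpack_from("<4sH", msg, 0)
    if magic != SMB2_MAGIC or hdr_size != 64:
        raise ValueError("not an SMB2 message")
    status, command = struct.unpack_from("<IH", msg, 8)
    (flags,) = struct.unpack_from("<I", msg, 16)
    # Command 0 is NEGOTIATE; flag bit 0 marks a server-to-client message.
    if command != 0 or not flags & 0x1:
        raise ValueError("not a NEGOTIATE response")
    if status != 0:
        raise ValueError(f"negotiate failed, NTSTATUS 0x{status:08x}")
    body_size, mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if body_size != 65:
        raise ValueError("unexpected negotiate response StructureSize")
    return {
        "dialect": f"0x{dialect:04x}",
        "signing_enabled": bool(mode & SIGNING_ENABLED),
        "signing_required": bool(mode & SIGNING_REQUIRED),
    }


def build_sample(mode: int, dialect: int = 0x0311) -> bytes:
    """Constructed sample: a response zeroed except for the parsed fields."""
    header = struct.pack("<4sHHIHHI", SMB2_MAGIC, 64, 0, 0, 0, 1, 1) + bytes(44)
    body = struct.pack("<HHH", 65, mode, dialect) + bytes(58)
    return header + body


def audit(responses: dict) -> list:
    """Return the hosts whose response does not require signing."""
    return sorted(host for host, raw in responses.items()
                  if not parse_negotiate_security_mode(raw)["signing_required"])


if __name__ == "__main__":
    captured = {  # constructed host names and responses
        "fs01.example.test": build_sample(0x0003),  # enabled and required
        "fs02.example.test": build_sample(0x0001),  # enabled, not required
    }
    print("signing not enforced on:", audit(captured))
```

A host that appears in the output still accepts unsigned sessions, so the Group Policy setting has not reached it or is being overridden.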
Beyond Microsoft, other major vendors also released security bulletins in June. Adobe patched vulnerabilities across multiple products, including InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler, Acrobat Reader, and Substance 3D Painter.
Google’s June Android security update addressed several flaws, including an actively exploited zero-day vulnerability in the Chrome browser. Hewlett Packard Enterprise issued patches for eight vulnerabilities in its StoreOnce solution, while Ivanti remediated three flaws involving hardcoded credentials in its Workspace Control (IWC) product.
Particular attention is warranted for Qualcomm’s report, which detailed the remediation of three zero-day vulnerabilities in the Adreno GPU driver, previously used in targeted attacks. Additionally, a critical vulnerability in the Roundcube email client—allowing remote code execution and already under active exploitation—was addressed. SAP also issued updates for a wide array of products, including a critical fix for missing authorization checks in SAP NetWeaver Application Server for ABAP.
June’s patch cycle underscores the heightened tempo of cyber threats and the imperative of timely patch deployment, particularly in light of multiple actively exploited zero-day vulnerabilities.