Microsoft Security

June 2025 Patch Tuesday: 66 Vulnerabilities Fixed, Including Two Zero-Days

/ by Corentin C | Leave a comment

Microsoft June 2025 Patch Tuesday

Microsoft’s June 2025 Patch Tuesday delivers security updates for 66 vulnerabilities, including one zero-day that’s actively exploited in the wild and another that was publicly disclosed prior to today’s fix. This month’s rollout addresses ten Critical bugs—eight are remote code execution (RCE) flaws, and two are elevation of privilege (EoP) vulnerabilities.

The breakdown by type:

  • 25 Remote Code Execution
  • 13 Elevation of Privilege
  • 17 Information Disclosure
  • 6 Denial of Service
  • 3 Security Feature Bypass
  • 2 Spoofing

🛑 Zero-Day Vulnerabilities – June 2025

CVETitleTypeExploitedDisclosedDetails
CVE-2025-33053WebDAV Remote Code ExecutionRCEExploited by APT group Stealth Falcon using malicious WebDAV URLs. Affects built-in Windows tools. Discovered by Check Point Research.
CVE-2025-33073Windows SMB Client Elevation of PrivilegeEoPPublicly disclosed. Exploitable via SMB coercion to gain SYSTEM privileges. Reported by multiple researchers including CrowdStrike, Synacktiv, and Google Project Zero.

These updates exclude fixes for Microsoft Edge, Mariner, and Power Automate. Non-security improvements are available in Windows 11 cumulative updates KB5060842 and KB5060999, and Windows 10 cumulative update KB5060533.

IT admins are advised to prioritize patching the above zero-days and other Critical vulnerabilities affecting Microsoft Office, SharePoint, WebDAV, and core Windows services.

📝 Complete List of Resolved Windows Vulnerabilities – June 2025

  • 13 Elevation of Privilege
  • 3 Security Feature Bypass
  • 25 Remote Code Execution
  • 17 Information Disclosure
  • 6 Denial of Service
  • 2 Spoofing

This includes critical issues in components like:

  • Office (Word, Excel, Outlook, SharePoint)
  • Windows WebDAV, Netlogon, Remote Desktop Services, Kernel, and SMB
  • Visual Studio, Windows Installer, Storage Management, DHCP, and LSASS

For the full list of CVEs and affected systems, consult the official Microsoft release documentation.

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

adware pup

List of Common Potentially Unwanted Programs (PUPs)

Potentially unwanted programs (PUPs) may seem harmless at first, but they often bring adware, trackers, or performance issues. In this post, we explore popular PUPs to watch out for and how to avoid installing them accidentally.

Read more »

Microsoft May 2025 Patch Tuesday

Microsoft May 2025 Patch Tuesday – Overview and Analysis

Microsoft's May 2025 Patch Tuesday delivers crucial security updates for 71 vulnerabilities, including five zero-days actively exploited in the wild. This month’s patch spans across major products like Windows, Azure, and Visual Studio, strengthening defenses against Remote Code Execution (RCE) and Elevation of Privilege (EoP) vulnerabilities.

Read more »

microsoft-patch-tuesday

Microsoft’s April 2025 Patch Tuesday: 121 Vulnerabilities Patched, Including One Zero-Day Exploited in the Wild

Microsoft's April 2025 Patch Tuesday addresses 121 vulnerabilities, including a zero-day actively exploited. Critical RDP and LDAP flaws highlight the urgency of this month's security updates.

Read more »

microsoft-patch-tuesday

March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, Including 7 Zero-Days

Microsoft's March 2025 Patch Tuesday delivers security updates for 57 vulnerabilities, with 7 zero-day flaws, including 6 that are actively exploited. Critical bugs affect components like NTFS, Microsoft Access, and Windows Server, highlighting the urgent need to apply these patches.

Read more »

crypto eth coin

Bybit Hacked: Largest Crypto Theft in History

Bybit, one of the largest cryptocurrency exchanges, has been hacked for $1.46 billion in digital assets, marking the biggest crypto theft in history. The attackers exploited a vulnerability in the exchange’s multisignature wallet, siphoning funds through a masked transaction. Despite the massive loss, Bybit assures users that all funds remain 1:1 backed. Read more about the breach and its implications for the crypto industry.

Read more »

openssh

OpenSSH Vulnerabilities: CVE-2025-26465 and CVE-2025-26466

Two critical OpenSSH vulnerabilities have been discovered: a MitM attack (CVE-2025-26465) and a DoS attack (CVE-2025-26466). Learn how to protect your systems with recommended security measures.

Read more »

Microsoft Majorana 1

Microsoft Unveils Majorana 1: A Quantum Leap in Computing

Microsoft has unveiled the Majorana 1 chip, a groundbreaking quantum chip that utilizes a new Topological Core architecture. This innovation aims to enable quantum computers capable of solving significant industrial challenges in years rather than decades, leveraging topoconductors to produce stable and scalable qubits. With a vision to reach a million qubits, Microsoft is set to revolutionize industries from healthcare to materials science.

Read more »

Apple Security

Apple Releases Security Fixes in iOS 18.3.1 and iPadOS 18.3.1

Apple’s latest iOS 18.3.1 and iPadOS 18.3.1 updates fix a critical security flaw that could allow attackers to bypass USB Restricted Mode on locked devices. This vulnerability (CVE-2025-24200) has been exploited in targeted attacks. Learn why this update matters and how to secure your device.

Read more »

valve piratefi

PirateFi Malware Incident: A Warning to Steam Gamers

Valve has warned Steam users about PirateFi, a recently released game that was found to contain malware. The malicious files aimed to steal browser cookies, leading to account hijacking. Learn what happened and how to stay safe. Valve has recently issued a security alert to Steam users regarding a newly released game, PirateFi, which was found to contain malware. This alarming discovery has raised concerns among gamers, emphasizing the importance of vigilance when downloading and launching games from digital platforms.

Read more »

Microsoft Deepseek R1

DeepSeek R1: Microsoft’s Strategic Move in AI Beyond OpenAI

Microsoft has added DeepSeek R1 to its Azure AI Foundry, offering a cost-effective and high-performance AI model. With local execution support on Copilot+ PCs and growing security concerns, this move signals Microsoft's shift towards AI diversification beyond OpenAI.

Read more »

Apple Security

Apple Faces UK Government Demand for Encrypted iCloud Backdoor

Apple is facing pressure from the UK government to create a backdoor for encrypted iCloud backups under the Investigatory Powers Act. If implemented, this could compromise global user privacy and set a dangerous precedent for digital security.

Read more »

FMRS Furtivex Malware Removal Script

Welcoming Furtivex Malware Removal Script to ToolsLib!

We’re excited to welcome Furtivex Malware Removal Script to ToolsLib! This free, portable malware scanner provides aggressive threat removal, system integrity checks, and comprehensive logging. Download it today and boost your security!

Read more »

To top
×