Microsoft Patch Tuesday June 2025

Published: 2025-06-10. Last Updated: 2025-06-10 17:50:23 UTC
by Johannes Ullrich (Version: 1)

Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today.

Notable Vulnerabilities:

CVE-2025-33053: WebDAV remote code execution vulnerability. This vulnerability has already been exploited. Microsoft rates it as important. This affects the client part of WebDAV, not the server part. User interaction is required. If an attacker can control the file name and path, they can trick the victim into executing code over the network. This is another issue related to the still supported remnants of Internet Explorer, like the Scripting Engine and MSHTML. You must apply the IE Cumulative Update to patch, even if you no longer use IE.

CVE-2025-33073: A Windows SMB client elevation of Privilege Vulnerability. This vulnerability has already been disclosed but Microsoft has not yet observed it being exploited. An attacker exploiting this vulnerability will gain SYSTEM privileges. But Microsoft considers successful exploitation less likely. An attacker would need the victim to connect to a malicious SMB server.

CVE-2025-32710: An unauthenticated remote code execution vulnerability in the remote desktop service. But it requires the exploitation of a race condition. Microsoft believes it is less likely that an exploit will become available.

CVE-2025-29828: Microsoft states that this vulnerability is due to a "missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network". This vulnerability worries me a bit if this could be used to exploit various TLS services. However, not enough is known to gauge the exploitability. Microsoft considers the attack as "highly complex" and exploitation as less likely.

Microsoft Office Remote Code Execution Vulnerability: Four of the critical vulnerabilities apply to Microsoft Office. These are rated critical as they may be exploited via the preview pane, without actually opening the malicious document.

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-30399	No	No	-	-	Important	7.5	6.5
Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass
CVE-2025-3052	No	No	-	-	Important	6.7	5.8
DHCP Server Service Denial of Service Vulnerability
CVE-2025-32725	No	No	-	-	Important	7.5	6.5
CVE-2025-33050	No	No	-	-	Important	7.5	6.5
Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-32724	No	No	-	-	Important	7.5	6.5
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
CVE-2025-47968	No	No	-	-	Important	7.8	6.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47165	No	No	-	-	Important	7.8	6.8
CVE-2025-47174	No	No	-	-	Important	7.8	6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47162	No	No	-	-	Critical	8.4	7.3
CVE-2025-47953	No	No	-	-	Critical	8.4	7.3
CVE-2025-47164	No	No	-	-	Critical	8.4	7.3
CVE-2025-47167	No	No	-	-	Critical	8.4	7.3
CVE-2025-47173	No	No	-	-	Important	7.8	6.8
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47171	No	No	-	-	Important	6.7	5.8
CVE-2025-47176	No	No	-	-	Important	7.8	6.8
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-47175	No	No	-	-	Important	7.8	6.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47163	No	No	-	-	Important	8.8	7.7
CVE-2025-47166	No	No	-	-	Important	8.8	7.7
CVE-2025-47172	No	No	-	-	Critical	8.8	7.7
Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47957	No	No	-	-	Important	8.4	7.3
CVE-2025-47168	No	No	-	-	Important	7.8	6.8
CVE-2025-47169	No	No	-	-	Important	7.8	6.8
CVE-2025-47170	No	No	-	-	Important	7.8	6.8
Nuance Digital Engagement Platform Spoofing Vulnerability
CVE-2025-47977	No	No	-	-	Important	7.6	6.6
Power Automate Elevation of Privilege Vulnerability
CVE-2025-47966	No	No	-	-	Critical	9.8	8.5
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32715	No	No	-	-	Important	6.5	5.7
Visual Studio Remote Code Execution Vulnerability
CVE-2025-47959	No	No	-	-	Important	7.1	6.2
Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
CVE-2025-33053	No	Yes	-	-	Important	8.8	8.2
Win32k Elevation of Privilege Vulnerability
CVE-2025-32712	No	No	-	-	Important	7.8	6.8
Windows App Control for Business Security Feature Bypass Vulnerability
CVE-2025-33069	No	No	-	-	Important	5.1	4.5
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32713	No	No	-	-	Important	7.8	6.8
Windows DWM Core Library Information Disclosure Vulnerability
CVE-2025-33052	No	No	-	-	Important	5.5	4.8
Windows Installer Elevation of Privilege Vulnerability
CVE-2025-32714	No	No	-	-	Important	7.8	6.8
CVE-2025-33075	No	No	-	-	Important	7.8	6.8
Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
CVE-2025-33071	No	No	-	-	Critical	8.1	7.1
Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2025-33056	No	No	-	-	Important	7.5	6.5
CVE-2025-33057	No	No	-	-	Important	6.5	5.7
Windows Media Elevation of Privilege Vulnerability
CVE-2025-32716	No	No	-	-	Important	7.8	6.8
Windows Netlogon Elevation of Privilege Vulnerability
CVE-2025-33070	No	No	-	-	Critical	8.1	7.1
Windows Recovery Driver Elevation of Privilege Vulnerability
CVE-2025-32721	No	No	-	-	Important	7.3	6.4
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-47955	No	No	-	-	Important	7.8	6.8
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-32710	No	No	-	-	Critical	8.1	7.1
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-33064	No	No	-	-	Important	8.8	7.7
CVE-2025-33066	No	No	-	-	Important	8.8	7.7
Windows SDK Elevation of Privilege Vulnerability
CVE-2025-47962	No	No	-	-	Important	7.8	6.8
Windows SMB Client Elevation of Privilege Vulnerability
CVE-2025-32718	No	No	-	-	Important	7.8	6.8
CVE-2025-33073	Yes	No	-	-	Important	8.8	7.9
Windows Schannel Remote Code Execution Vulnerability
CVE-2025-29828	No	No	-	-	Critical	8.1	7.1
Windows Security App Spoofing Vulnerability
CVE-2025-47956	No	No	-	-	Important	5.5	4.8
Windows Shortcut Files Security Feature Bypass Vulnerability
CVE-2025-47160	No	No	-	-	Important	5.4	4.7
Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2025-33068	No	No	-	-	Important	7.5	6.5
Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-32719	No	No	-	-	Important	5.5	4.8
CVE-2025-32720	No	No	-	-	Important	5.5	4.8
CVE-2025-33058	No	No	-	-	Important	5.5	4.8
CVE-2025-33059	No	No	-	-	Important	5.5	4.8
CVE-2025-33060	No	No	-	-	Important	5.5	4.8
CVE-2025-33061	No	No	-	-	Important	5.5	4.8
CVE-2025-33062	No	No	-	-	Important	5.5	4.8
CVE-2025-33063	No	No	-	-	Important	5.5	4.8
CVE-2025-33065	No	No	-	-	Important	5.5	4.8
CVE-2025-24068	No	No	-	-	Important	5.5	4.8
CVE-2025-24069	No	No	-	-	Important	5.5	4.8
CVE-2025-24065	No	No	-	-	Important	5.5	4.8
CVE-2025-33055	No	No	-	-	Important	5.5	4.8
Windows Storage Port Driver Information Disclosure Vulnerability
CVE-2025-32722	No	No	-	-	Important	5.5	4.8
Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2025-33067	No	No	-	-	Important	8.4	7.3
Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability
CVE-2025-47969	No	No	-	-	Important	4.4	3.9

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

Keywords: microsoft patch tuesday

0 comment(s)

ISC Stormcast For Tuesday, June 10th, 2025 https://isc.sans.edu/podcastdetail/9486

Internet Storm Center

Microsoft Patch Tuesday June 2025

Comments