Microsoft June 2025 Security Update: 66 vulnerabilities and two zero-days resolved

Last Tuesday, June 10, 2025, Microsoft released its usual monthly security patch, known as Patch Tuesday, correcting a total of 66 vulnerabilities. Among them, two zero-days stand out as particularly relevant.One of them was already being actively exploited, and another had been previously publicly disclosed. These updates affect various versions of Windows and the Microsoft Office suite of applications, as well as other products and services from the company.

La The total number of vulnerabilities covers different categories, from privilege escalation issues to remote code execution, information disclosure issues, and denial of service issues. According to the official breakdown, the following have been fixed: 13 elevation of privilege vulnerabilities, 25 remote code execution vulnerabilities, and 17 information breachesamong others.

Zero-days: what has been fixed this month

One of the most significant bugs resolved is CVE-2025-33053, which affects the Web Distributed Authoring and Versioning (WebDAV) system in Windows. This vulnerability was detected by Check Point Research following a failed cyberattack on a defense company in Turkey. The exploit allowed attackers to execute malicious code on vulnerable computers simply by having the victim click on a specially crafted WebDAV URL, using legitimate Windows tools to bypass restrictions. According to official information, Microsoft released the patch after being informed by researchers.

The second zero-day, CVE-2025-33073, affects the Windows SMB client and allows escalation of privileges at the system level If a user is tricked into connecting to a malicious server. This issue was publicly disclosed before an official patch was available, although it could be mitigated by enabling SMB signing via group policy. Microsoft has attributed the discovery of this vulnerability to an international team of cybersecurity experts.

Critical vulnerabilities and other bugs fixed

In addition to zero-days, The June 2025 update has addressed ten critical vulnerabilities, focusing mainly on the following products:

• Microsoft Office (including Excel, Outlook, Word, and PowerPoint): Several remote code execution flaws that could be exploited using the preview pane to execute malicious code on the system.
• Microsoft SharePoint Server: bugs that allowed authenticated remote attacks.
• Windows Schannel: Memory leak issue related to cryptographic security.
• Remote Desktop Gateway: allowed unauthorized access from the network.
• Windows Netlogon and KDC Proxy Service: flaws that, while requiring complex attacks, facilitated privilege escalation.
• Microsoft Power Automate: a bug with a CVSS score of 9.8, considered high risk and previously fixed this month.

Other improvements have affected Windows Installer, the DHCP protocol, system drivers and storage managementThe complete list of patches is available on the official Microsoft website for those who need a detailed technical analysis of each case.

Third-party security updates

Adobe, Cisco, Fortinet, Google, HPE, Ivanti, Qualcomm, Roundcube and SAP have also published recently critical patches for its products, responding to similar or potentially exploitable security discoveries. Highlights include Adobe updates for its Acrobat, InDesign, and Experience Manager applications, and Google fixes for Android and Chrome, which cover up several actively exploited vulnerabilities.

The technology ecosystem continues to see constant security patch activity as researchers and companies discover new flaws and threats evolve. The recommendation It is always about keeping systems up to date and apply the patches immediately para evitar riesgos innecesarios.

Breakdown of resolved vulnerabilities

Some of the most relevant vulnerabilities included in the monthly update are:

• CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953 (Office): Possible attacks via the preview pane and local access.
• CVE-2025-47172 (SharePoint): Remote code execution by authenticated users.
• CVE-2025-29828 (Schannel): Memory leak in cryptographic services.
• CVE-2025-32710 (Remote Desktop Gateway): Unauthorized remote access.
• CVE-2025-33070 y CVE-2025-47966: Elevation of privileges in Netlogon and Power Automate.

The patches also address dozens of critical bugs, spanning multiple operating system services and components, Office applications, and administrative utilities. Microsoft highlights the importance of reviewing technical notes associated with each update, especially for those managing complex systems, as some changes may require specific actions or additional verifications depending on the configuration of the corporate environment.

These June 2025 updates reflect the Microsoft's effort to stop sophisticated attacks and ensure the integrity of its systems, in a context where the exploitation of vulnerabilities remains one of the main computer security threats.

Related article:

Microsoft strengthens Windows security with post-quantum encryption

Alberto Navarro

I am a technology enthusiast who has turned his "geek" interests into a profession. I have spent more than 10 years of my life using cutting-edge technology and tinkering with all kinds of programs out of pure curiosity. Now I have specialized in computer technology and video games. This is because for more than 5 years I have been writing for various websites on technology and video games, creating articles that seek to give you the information you need in a language that is understandable to everyone.

If you have any questions, my knowledge ranges from everything related to the Windows operating system as well as Android for mobile phones. And my commitment is to you, I am always willing to spend a few minutes and help you resolve any questions you may have in this internet world.