Microsoft’s June Patch Tuesday replace has landed, bringing safety fixes for 66 vulnerabilities throughout its product line. Among the many patched flaws is one which was already being exploited in real-world assaults, making this month’s updates significantly vital for each enterprises and particular person customers.
One Zero-Day Actively Exploited
The standout repair addresses CVE-2025-33053, a vulnerability within the WebDAV part of Home windows. This flaw may permit attackers to execute code remotely if exploited appropriately. Because it was already being utilized in assaults earlier than as we speak’s patch launch, it falls into the “zero-day” class.
The WebDAV vulnerability impacts each Home windows 10 and Home windows 11, together with associated server variations. Whereas Microsoft has not disclosed the complete particulars of the assaults, they’ve confirmed that the bug was present in use within the wild.
10 Vital Points Fastened
Along with the zero-day, Microsoft patched 10 vulnerabilities rated Vital, which typically means they permit distant code execution or elevation of privilege with out a lot person interplay. These embody 4 bugs in Microsoft Workplace, which proceed to be a daily goal for attackers seeking to ship malicious paperwork by way of e mail.
Different merchandise receiving fixes embody Microsoft Edge, Energy Automate, .NET, and elements of Home windows itself. Whereas not one of the different points have been reported as actively exploited, a number of are marked as extra prone to be focused within the close to time period.
Home windows Replace Particulars
The up to date packages can be found now and embody:
- Home windows 11: KB5060842 (22H2 and 23H2)
- Home windows 10: KB5060533 and KB5060999
- Home windows Server variations: Additionally up to date, relying on the construct in use.
Admins ought to verify their replace administration techniques to verify rollout and assess any compatibility issues that will come up from the most recent patches.
Why This Month Issues
The fast exploitation of CVE-2025-33053 as soon as once more exhibits how briskly attackers transfer when new vulnerabilities are disclosed. Whereas zero days usually make headlines, the opposite fixes shouldn’t be ignored. A number of of this month’s bugs contain elements usually uncovered to the web or steadily utilized in enterprise environments.
Corporations that delay patching usually are not simply risking information theft but additionally the price of restoration from ransomware, which frequently begins with bugs like those patched as we speak.
Nick Carroll, cyber incident response supervisor at Nightwing, the intelligence options firm divested from RTX, commented on the Patch Tuesday occasion, stating, “There are a few vulnerabilities for the Home windows Frequent Log File System (CVE-2025-32701 and CVE-2025-32706) that are Priv Esc vulnerabilities. These aren’t vital, which suggests some organizations received’t prioritize patching them as shortly as they in all probability ought to. And in case you have a look at what tends to get a whole lot of consideration, vital vulnerabilities catch all the thrill,” famous Nick.
“However we see actual world assaults abusing that Home windows Log File subsystem fairly usually. In reality, Nightwing has defended in opposition to exploits within the Home windows Frequent Log File System in actual world assaults final month associated to the lately patched CVE-2025-29824 the place the menace actors have been abusing Residing-off-the-Land techniques along with the exploit,” he added.
What to Do Now
- Apply all accessible June updates as quickly as doable, particularly for techniques utilizing WebDAV
- Evaluate your Workplace file dealing with insurance policies, particularly if customers steadily obtain paperwork from outdoors the group
- Monitor community visitors for indicators of suspicious exercise linked to WebDAV or different patched companies
- Take a look at in staging environments earlier than rolling out company-wide, particularly in environments with older or custom-made software program stacks
Microsoft’s full advisory might be discovered on its official safety replace information. Patching shortly stays one of many easiest and handiest defences in opposition to many types of cyberattacks.
