Skip to main content

Microsoft Releases June 2025 Security Updates

Scheduled updates for Microsoft products, including security updates for 66 vulnerabilities, of which 1 has been reported as actively exploited.

Threat ID:
CC-4666
Threat Severity:
Medium
Published:
11 June 2025 1:29 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products, including security updates for 66 vulnerabilities, of which 1 has been reported as actively exploited.

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows Server

Microsoft Office

Microsoft SharePoint Server

The following platforms are also known to be affected:

  • .NET and Visual Studio
  • App Control for Business (WDAC)
  • Microsoft AutoUpdate (MAU)
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office PowerPoint
  • Microsoft Office Word
  • Remote Desktop Client
  • Servicing Stack Updates
  • Visual Studio
  • WebDAV
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DHCP Server
  • Windows DWM Core Library
  • Windows Hello
  • Windows Installer
  • Windows KDC Proxy Service (KPSSVC)
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Local Security Authority Subsystem Service (LSASS)
  • Windows Media
  • Windows Netlogon
  • Windows Recovery Driver
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop Services
  • Windows Routing and Remote Access Service (RRAS)
  • Windows SDK
  • Windows Secure Boot
  • Windows Security App
  • Windows Shell
  • Windows SMB
  • Windows Standards-Based Storage Management Service
  • Windows Storage Management Provider
  • Windows Storage Port Driver
  • Windows Win32K - GRFX

Threat details

Windows 10 Approaching End-of-Support

Microsoft has announced plans to discontinue support for Windows 10 after 14 October 2025, after which no security updates will be received. The NHS England National CSOC strongly encourages organisations to ensure they implement a plan to upgrade to a supported platform before this date to continue receiving security updates.

CVE-2025-33053 Under Active Exploitation

Microsoft has reported that CVE-2025-33053 in Web Distributed Authoring and Versioning (WEBDAV) is under active exploitation. The NHS England National CSOC assesses further exploitation as likely.

Additionally, Microsoft has reported that a proof-of-concept exploit is available for CVE-2025-33073 in Windows SMB Client.

Introduction

Microsoft has released security updates to address 66 vulnerabilities in Microsoft products. 8 vulnerabilities are highlighted below, of which 1 is known to be actively exploited and 1 that has a public proof-of-concept exploit.

Vulnerability details

  • CVE-2025-33053 -Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability 

CVE-2025-33053 is an "external control of file name or path" vulnerability in Web Distributed Authoring and Versioning (WEBDAV) with a CVSSv3 score of 8.8. Successful exploitation could allow a remote, unauthenticated attacker to perform remote code execution (RCE) if a user clicks on a malicious URL. Microsoft reports that this vulnerability is under active exploitation.

  • CVE-2025-33073 - Windows SMB Client Elevation of Privilege Vulnerability

CVE-2025-33073 is an "improper access control" vulnerability in the Windows SMB Client with a CVSSv3 score 8.8. Successful exploitation could allow a remote attacker to escalate their privileges to SYSTEM. Microsoft reports that this vulnerability has a public proof-of-concept exploit.

  • CVE-2025-32710 - Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2025-32710 is a "use-after-free" and "race condition" vulnerability in Windows Remote Desktop Services with a CVSSv3 score of 8.1. Successful exploitation could allow a remote, unauthenticated attacker to execute remote code.

  • CVE-2025-47172 - Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2025-47172 is a "SQL injection" vulnerability in Microsoft SharePoint Server with a CVSSv3 score of 8.8. Successful exploitation could allow a remote, authenticated attacker to execute arbitrary code on the SharePoint server.

  • CVE-2025-47953 - Microsoft Office Remote Code Execution Vulnerability

CVE-2025-47953 is an "improper restriction of names for files and other resources" vulnerability in Microsoft Office with a CVSSv3 score of 8.4. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code locally.

  • CVE-2025-47162 - Microsoft Office Remote Code Execution Vulnerability

CVE-2025-47162 is a "heap-based buffer overflow" vulnerability in Microsoft Office with a CVSSv3 score of 8.4. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code locally.

  • CVE-2025-47167 - Microsoft Office Remote Code Execution Vulnerability

CVE-2025-47167 is a "type confusion" vulnerability in Microsoft Office with a CVSSv3 score of 8.4. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code locally.

  • CVE-2025-47164 - Microsoft Office Remote Code Execution Vulnerability

CVE-2025-47164 is a "use after free" vulnerability in Microsoft Office with a CVSSv3 score of 8.4. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code locally.

Remediation advice

Affected organisations are encouraged to review Microsoft's June 2025 Security Updates and apply the relevant updates.

Last edited: 11 June 2025 1:29 pm