[German]Microsoft released security updates for Windows clients and servers, Office and other products on June 10, 2025. The security updates fix 65 vulnerabilities (CVEs), two of which are classified as 0-day; one of them is already being exploited in the wild. The following is a compact overview of the updates released on Patchday.
Notes on the updates
A list of updates can be found on this Microsoft page. Details on the update packages for Windows, Office etc. are available in separate blog posts.
Windows 10/11, Windows Server
All Windows 10/11 updates (as well as the updates for the server counterparts) are cumulative. The monthly Patchday update contains all security fixes for these Windows versions, as well as all non-security fixes up to the Patchday. In addition to the security patches for the vulnerabilities, the updates also contain bug fixes and new features.
Windows Server 2012 R2
An ESU license is required for Windows Server 2012/R2 to continue receiving security updates (Windows Server 2012/R2 gets Extended Security Updates (ESU) until October 2026).
Fixed vulnerabilities
Tenable has published this blog post with an overview of the vulnerabilities that have been fixed. Here are some of the more notable vulnerabilities that have been fixed:
- CVE-2025-33053: Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution vulnerability, CVSSv3 score 8.8, important; an attacker could exploit this vulnerability through social engineering by getting a target to open a malicious URL or file. If successfully exploited, the attacker would be able to execute code over the network on the victim's machine. According to Microsoft, this zero-day vulnerability has already been exploited. Check Point Research reports here that it was exploited by the APT group Stealth Falcon (probably for espionage).
- CVE-2025-33073: Windows SMB Client Elevation of Privilege vulnerability, CVSSv3 score 8.8, important; an attacker could exploit this vulnerability through social engineering by tricking a target into opening a malicious URL or file. Improper access control in Windows SMB then allows an authorized attacker to elevate privileges over a network. According to Microsoft, an attacker must execute a crafted script that forces the target device to connect to an attacker-controlled computer with SMB and authenticate; if successful, the attacker can elevate privileges to SYSTEM. The vulnerability was made public before a patch was available, and it appears that five security researchers discovered it independently of each other. Microsoft considers exploitation likely. I pointed out the vulnerability and the need to close it quickly in today's article Attention: June 2025 Patchday closes vulnerability CVE-2025-33073 in Windows. Tomorrow, Wednesday, June 11, 2025, shortly after 10:00 a.m., I will disclose what I learned in advance from one of the discoverers, RedTeam Pentesting GmbH.
- CVE-2025-33070: Windows Netlogon Elevation of Privilege vulnerability, CVSSv3 score 8.1, critical; an attacker could exploit this vulnerability to gain domain administrator privileges. According to Microsoft, a successful attack requires the attacker to take additional actions to prepare the target for exploitation. Despite these requirements, Microsoft classifies this vulnerability as "Exploitation More Likely" on its Exploitability Index.
- CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953: Microsoft Office Remote Code Execution vulnerabilities, CVSSv3 score 8.4, critical; all except CVE-2025-47953 are rated "Exploitation More Likely". Microsoft points out that the Preview Pane is an attack vector for these vulnerabilities, so a crafted file only needs to be previewed, not opened.
- CVE-2025-47173: Microsoft Office Remote Code Execution vulnerability, CVSSv3 score 7.8, important; "Exploitation Unlikely". Unlike the other Office RCE vulnerabilities listed above, the Preview Pane is not an attack vector for CVE-2025-47173.
- CVE-2025-33071: Windows KDC Proxy Service (KPSSVC) Remote Code Execution vulnerability, CVSSv3 score 8.1, critical; an RCE vulnerability rated "Exploitation More Likely" in the Windows Kerberos Key Distribution Center (KDC) Proxy service, which relays Kerberos authentication traffic to KDCs over HTTPS. An unauthenticated attacker could use a crafted application to exploit a cryptographic protocol weakness and execute arbitrary code. According to the advisory, only Windows servers configured as [MS-KKDCP] "Kerberos Key Distribution Center (KDC) Proxy Protocol Server" are affected. Although the advisory notes that the attacker must win a race condition, the vulnerability is still rated critical.
- CVE-2025-32713: Windows Common Log File System Driver Elevation of Privilege vulnerability, CVSSv3 score 7.8, important; rated "Exploitation More Likely". Successful exploitation would allow a local attacker to elevate privileges to SYSTEM.
Addendum: Talos has also published a list of vulnerabilities in this blog post (thanks to the reader for pointing this out). Compared to the Tenable list, the following additional vulnerabilities are documented there.
- CVE-2025-32710: Windows Remote Desktop Services Remote Code Execution vulnerability, CVSSv3 score 8.1, high; an attacker could attempt to connect to a system with the Remote Desktop Gateway role, win a race condition that leads to a use-after-free, and exploit that to execute arbitrary code. Microsoft rates this "Exploitation Less Likely".
- CVE-2025-29828: Windows Schannel (Secure Channel) Remote Code Execution vulnerability, CVSSv3 score 8.1, high; Windows Schannel is a Security Support Provider (SSP) in Windows that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is part of the Security Support Provider Interface (SSPI) and is used to secure network communication. A missing release of memory after its effective lifetime in Windows Cryptographic Services triggers this RCE, allowing an unauthenticated attacker to execute code over the network. According to Microsoft, an attacker can exploit it by sending fragmented ClientHello messages to a target server that accepts TLS connections. Microsoft rates the attack complexity "High" and exploitation "Less Likely".
A list of all CVEs discovered can be found on this Microsoft page, excerpts are available at Tenable and Talos.
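Several of the items above only matter on hosts with a particular role or setting (WebDAV redirector enabled, SMB signing not enforced, KDC Proxy or RD Gateway installed, a Schannel TLS listener). The following PowerShell script is an added example, not code from this article or from Microsoft, Tenable or Talos, that turns the list into a local triage run. It assumes the standard Windows names (the WebClient service for the WebDAV redirector, KPSSVC for the KDC Proxy service, the RDS-Gateway feature name, English netsh output) and that it runs in an elevated PowerShell; it does not assume any KB numbers, it simply lists what was installed on or after June 10, 2025.

```powershell
# Added example (not from the original article): local exposure triage for the
# June 2025 Patchday items. Run in an elevated PowerShell 5.1 or 7 on the host.
# Assumptions: standard Windows service/feature names and English netsh output.

function Get-JunePatchdayExposure {
    $findings = [System.Collections.Generic.List[string]]::new()

    # CVE-2025-33053 (WebDAV RCE): the client-side WebDAV redirector is the WebClient
    # service. Where WebDAV is not needed, a disabled service removes that attack surface.
    $webclient = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if ($webclient) {
        $findings.Add("WebClient (WebDAV redirector): Status=$($webclient.Status), StartType=$($webclient.StartType)")
    } else {
        $findings.Add("WebClient (WebDAV redirector) service not present")
    }

    # CVE-2025-33073 (SMB client EoP via coerced SMB authentication): Microsoft's advisory
    # states that enforcing server-side SMB signing via Group Policy mitigates the issue,
    # so report the server setting first and the client setting for completeness.
    try {
        $smbServer = Get-SmbServerConfiguration
        $smbClient = Get-SmbClientConfiguration
        $findings.Add("SMB server RequireSecuritySignature=$($smbServer.RequireSecuritySignature) (mitigation for CVE-2025-33073 when True)")
        $findings.Add("SMB client RequireSecuritySignature=$($smbClient.RequireSecuritySignature)")
    } catch {
        $findings.Add("SMB configuration could not be read (needs elevation): $($_.Exception.Message)")
    }

    # CVE-2025-33071 (KDC Proxy RCE): only hosts running the KDC Proxy service are in scope.
    $kps = Get-Service -Name KPSSVC -ErrorAction SilentlyContinue
    if ($kps -and $kps.Status -eq 'Running') {
        $findings.Add("KDC Proxy service (KPSSVC) is running: in scope for CVE-2025-33071")
    }

    # CVE-2025-32710 (RD Gateway RCE): only the Remote Desktop Gateway role is in scope.
    # Get-WindowsFeature exists only on Windows Server (ServerManager module).
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $rdgw = Get-WindowsFeature -Name RDS-Gateway -ErrorAction SilentlyContinue
        if ($rdgw -and $rdgw.Installed) {
            $findings.Add("RDS-Gateway role installed: in scope for CVE-2025-32710")
        }
    }

    # CVE-2025-29828 (Schannel RCE via fragmented ClientHello): anything terminating TLS
    # through Schannel is in scope; http.sys certificate bindings are one visible indicator.
    $bindings = (netsh http show sslcert) | Select-String -Pattern '^\s*(IP:port|Hostname:port)'
    $findings.Add("http.sys TLS certificate bindings (Schannel listeners): $($bindings.Count)")

    # Finally, list what has been installed since Patchday without assuming KB numbers.
    $recent = Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2025-06-10' }
    if ($recent) {
        $findings.Add("Updates installed since 2025-06-10: $(($recent.HotFixID) -join ', ')")
    } else {
        $findings.Add("No updates installed since 2025-06-10 are recorded by Get-HotFix")
    }

    return $findings
}

Get-JunePatchdayExposure | ForEach-Object { Write-Output $_ }
```

Get-HotFix only sees updates registered through the Windows servicing stack, so on a machine patched via a third-party tool cross-check with the update history in Settings; the Office RCEs (CVE-2025-47162 and friends) are not covered by this script because Office patch state is tracked by Click-to-Run, not by Get-HotFix.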
Similar articles:
Microsoft Security Update Summary (June 10, 2025)
Patchday: Windows 10/11 Updates (June 10, 2025)
Patchday: Windows Server-Updates (June 10, 2025)
Patchday: Microsoft Office Updates (June 10, 2025)
Windows 10/11: Preview Updates May 27, 28,2025
Attention: June 2025 Patchday closes vulnerability CVE-2025-33073 in Windows