Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

June, 2025: Patch Tuesday - Two Zero Days and 11 Critical Updates

Welcome to my June Patch Tuesday newsletter. Today Microsoft released 67 updates and an additional 15 in the past month for a total of 82 updates.

We have 2 zero-days to look at:

Currently exploited - CVE-2025-33053 (Remote Code Execution)
- External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
Publicly known - CVE-2025-33073 (Elevation of Privilege)
- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Both of these were released today, June 10th. As you can see in the chart below, the they both affect various OS's. Although these are zero days, they are only rated as "Important" by Microsoft. Either way, you will want to make sure these updates get applied soon.

Besides these two, there are another 11 updates that are rated "Critical":

So we do have a good bit of updating that needs to be done. So download, update and reboot those systems. See you next month!

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited / Publicly Disclosed	Vulnerability Info
Windows	Windows 10, 11 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Remote Desktop Client Windows App Client Windows Security App	Critical	CVE-2025-24065 CVE-2025-24068 CVE-2025-24069 CVE-2025-29828 CVE-2025-3052 CVE-2025-32710 CVE-2025-32712 CVE-2025-32713 CVE-2025-32714 CVE-2025-32715 CVE-2025-32716 CVE-2025-32718 CVE-2025-32719 CVE-2025-32720 CVE-2025-32721 CVE-2025-32722 CVE-2025-32724 CVE-2025-32725 CVE-2025-33050 CVE-2025-33052 CVE-2025-33053* CVE-2025-33055 CVE-2025-33056 CVE-2025-33057 CVE-2025-33058 CVE-2025-33059 CVE-2025-33060 CVE-2025-33061 CVE-2025-33062 CVE-2025-33063 CVE-2025-33064 CVE-2025-33065 CVE-2025-33066 CVE-2025-33067 CVE-2025-33068 CVE-2025-33069 CVE-2025-33070 CVE-2025-33071 CVE-2025-33073** CVE-2025-33075 CVE-2025-47160 CVE-2025-47955 CVE-2025-47956 CVE-2025-47969	Workaround: No Exploited: Yes* Public: Yes**	Denial of Service Elevation of Privilege Information Disclosure Remote Code Execution Security Feature Bypass Spoofing
Edge	Chromium-based	Important	CVE-2025-4609 CVE-2025-4664 CVE-2025-47181 CVE-2025-5063 CVE-2025-5064 CVE-2025-5065 CVE-2025-5066 CVE-2025-5067 CVE-2025-5068 CVE-2025-5280 CVE-2025-5281 CVE-2025-5283 CVE-2025-5419	Workaround: No Exploited: No Public: No	Elevation of Privilege
Office	365 Apps for Enterprise Excel/Outlook/Power Point/Word 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Office for Android AutoUpdate for Mac Office Online Server	Critical	CVE-2025-32717 CVE-2025-47162 CVE-2025-47164 CVE-2025-47165 CVE-2025-47167 CVE-2025-47168 CVE-2025-47169 CVE-2025-47170 CVE-2025-47171 CVE-2025-47173 CVE-2025-47174 CVE-2025-47175 CVE-2025-47176 CVE-2025-47953 CVE-2025-47957 CVE-2025-47968	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
SharePoint	Enterprise Server 2016 Server 2019 Server Subscription Edition	Critical	CVE-2025-47163 CVE-2025-47166 CVE-2025-47168 CVE-2025-47169 CVE-2025-47172	Workaround: No Exploited: No Public: No	Remote Code Execution
Azure	Nuance Digital Engagement Platform	Important	CVE-2025-47977	Workaround: No Exploited: No Public: No	Spoofing
Developer Tools	.NET 8.0 & 9.0 on Linux/MacOS/Windows Visual Studio 2022 17.8, 17.10, 17.12, 17.14 Windows SDK	Important	CVE-2025-30399 CVE-2025-47959 CVE-2025-47962	Workaround: No Exploited: No Public: No	Elevation of Privilege Remote Code Execution
Dynamics	Power Automate for Desktop	Critical	CVE-2025-47966	Workaround: No Exploited: No Public: No	Elevation of Privilege
System Center	Defender for Endpoint for Linux	Important	CVE-2025-47161	Workaround: No Exploited: No Public: No	Elevation of Privilege

Send me this chart next Patch Tuesday.

User name:
Password:
	/ Forgot?
	Register

June 2025 Patch Tuesday	"Patch Tuesday - Two Zero Days and 11 Critical Updates " - sponsored by LOGbinder and Supercharger

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.