{"id":347001,"date":"2025-06-11T06:33:35","date_gmt":"2025-06-11T13:33:35","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=347001"},"modified":"2025-06-19T06:23:40","modified_gmt":"2025-06-19T13:23:40","slug":"microsoft-patch-tuesday-june-2025-65-security-fix","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-june-2025-65-security-fix\/","title":{"rendered":"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed"},"content":{"rendered":"<div class=\"relative\">\n<div class=\"prose text-pretty dark:prose-invert inline leading-normal break-words min-w-0 [word-break:break-word]\">\n<p class=\"my-0\">Microsoft\u2019s June 2025 <a href=\"https:\/\/msftnewsnow.com\/tag\/patch-tuesday\" target=\"_blank\" rel=\"noopener\">Patch Tuesday<\/a> has arrived, delivering urgent security fixes for a broad range of its products. The company addressed more than 65 vulnerabilities, including a zero-day exploit that was being actively used in cyber espionage campaigns. <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-10-2025-kb5060526-os-build-20348-3807-4e9453c4-6602-48ea-b349-689cd66dfdb9\" target=\"_blank\" rel=\"noopener\">This month\u2019s updates are critical for both<\/a> enterprise and individual users, reinforcing the importance of timely patching to protect against emerging threats.<\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Microsoft Patch Tuesday at a Glance<\/strong><\/h2>\n<p><img decoding=\"async\" data-attachment-id=\"347032\" data-permalink=\"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-june-2025-65-security-fix\/d6b7sg3gzpmq1klzifiz\/#main\" data-orig-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-orig-size=\"720,720\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"d6b7sg3gzpmq1klzifiz\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" data-large-file=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" class=\"alignnone wp-image-347032 size-full\" src=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&lossy=1&quality=88&sharp=1&ssl=1\" alt=\"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed\" width=\"720\" height=\"720\" srcset=\"https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 720w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-150x150.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;ssl=1 150w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=288&amp;ssl=1 288w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=432&amp;ssl=1 432w, https:\/\/e7drz69p964.exactdn.com\/wp-content\/uploads\/2025\/06\/d6b7sg3gzpmq1klzifiz-scaled.jpg?strip=all&amp;lossy=1&amp;quality=88&amp;sharp=1&amp;w=576&amp;ssl=1 576w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><\/p>\n<p class=\"my-0\"><a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/patch-tuesday-analysis-june-2025\/\" target=\"_blank\" rel=\"noopener\">This month\u2019s security release is notable<\/a> for its breadth and the severity of the vulnerabilities addressed. Microsoft has fixed at least 65 security flaws (CVEs), with some sources reporting up to 67, depending on the counting methodology and inclusion of third-party patches<span class=\"whitespace-nowrap\">.<\/span> Of these, approximately 9 to 11 are rated Critical, and the rest are classified as Important in severity<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\">The standout fix is for CVE-2025-33053, a remote code execution (RCE) vulnerability in the WebDAV (Web Distributed Authoring and Versioning) component of Windows. This flaw was being actively exploited by the advanced persistent threat (APT) group known as Stealth Falcon (also called FruityArmor), which has a history of leveraging Windows zero-days for espionage purposes<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>The Zero-Day Threat: CVE-2025-33053<\/strong><\/h2>\n<p class=\"my-0\"><strong>CVE-2025-33053<\/strong> is a remote code execution vulnerability in WebDAV, a protocol designed to extend HTTP for file management. While WebDAV has been deprecated since 2023 and is not enabled by default, Microsoft has chosen to patch the flaw across both current and legacy Windows and Windows Server versions, including some that are officially out of support<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\">The vulnerability has been exploited in real-world attacks, most notably in March 2025, when Stealth Falcon targeted a major defense organization in Turkey. The attack began with a phishing email containing a malicious <code>.url<\/code> file disguised as a PDF document related to military equipment damage. When executed, the file exploited the zero-day to launch malware from an attacker-controlled WebDAV server<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Attack Chain Details:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>Delivery:<\/strong> Phishing email with a .url file disguised as a PDF.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Execution:<\/strong> The victim clicks the file, triggering the exploit.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Exploitation:<\/strong> The exploit manipulates the Windows file execution search order, tricking a legitimate Windows utility (iediagcmd.exe, an Internet Explorer diagnostics tool) into executing malicious code hosted on a remote server.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Payload:<\/strong> The attack delivers the Horus Agent, a custom-built implant designed for the Mythic command-and-control (C2) framework.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Evasion:<\/strong> Attackers use techniques like string encryption and control flow flattening to complicate analysis and avoid detection.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">This approach allows attackers to execute code remotely without dropping files directly onto the victim\u2019s machine, making detection more challenging<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Other Critical Vulnerabilities and Risk Analysis<\/strong><\/h2>\n<p class=\"my-0\">Beyond the zero-day, Microsoft patched several other critical vulnerabilities. Remote code execution (RCE) flaws were the most prominent, accounting for about 38% of the total patches<a class=\"citation ml-xs inline\" href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/patch-tuesday-analysis-june-2025\/\" target=\"_blank\" rel=\"nofollow noopener\" data-state=\"closed\" aria-label=\"June 2025 Patch Tuesday: One Zero-Day and Nine Critical Vulnerabilities Among 66 CVEs\"><span class=\"relative select-none align-middle -top-px font-sans text-base text-textMain dark:text-textMainDark selection:bg-super\/50 selection:text-textMain dark:selection:bg-superDuper\/10 dark:selection:text-superDark\"><span class=\"hover:bg-super dark:hover:bg-superDark dark:hover:text-backgroundDark min-w-[1rem] cursor-pointer rounded-[0.3125rem] text-center align-middle font-mono text-[0.6rem] tabular-nums hover:text-white py-[0.1875rem] px-[0.3rem] border-borderMain\/50 ring-borderMain\/50 divide-borderMain\/50 dark:divide-borderMainDark\/50 dark:ring-borderMainDark\/50 dark:border-borderMainDark\/50 bg-offsetPlus dark:bg-offsetPlusDark\">1<\/span><\/span><\/a><span class=\"whitespace-nowrap\">.<\/span> Other risk types included information disclosure (26%) and elevation of privilege (20%)<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Breakdown of Vulnerability Types:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>Remote Code Execution (RCE):<\/strong> 25\u201326 patches (38\u201339% of total)<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Information Disclosure:<\/strong> 17 patches (26%)<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Elevation of Privilege:<\/strong> 13\u201314 patches (20%)<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Denial of Service:<\/strong> 6 patches<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Security Feature Bypass:<\/strong> 3 patches<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Spoofing:<\/strong> 2 patches<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">These vulnerabilities affect a wide range of Microsoft products, including Windows, Office, .NET, Visual Studio, SharePoint, Microsoft Edge, Power Automate, and more<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Affected Products and Components<\/strong><\/h2>\n<p class=\"my-0\"><strong>Windows and Windows Components:<\/strong><br \/>\nThe majority of the vulnerabilities are in Windows and its core components, including the kernel, shell, and various services. Both Windows 10 and Windows 11 are affected, along with related server versions<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Microsoft Office:<\/strong><br \/>\nFour critical vulnerabilities were patched in Office, making it a continued target for attackers who use malicious documents to deliver payloads via email<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Other Products:<\/strong><br \/>\nPatches were also released for:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>.NET and Visual Studio<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Microsoft Edge (Chromium-based)<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Power Automate<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Nuance Digital Engagement Platform<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Cryptographic Services<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Hello<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Installer<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Kernel<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Local Security Authority (LSA)<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Media<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Netlogon<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows Remote Desktop Services<\/strong><\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Windows SMB<\/strong><\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Notable Vulnerabilities and Exploitation<\/strong><\/h2>\n<ol>\n<li class=\"my-0\"><strong>CVE-2025-33053: <\/strong>As discussed, this is the most urgent vulnerability to patch due to its active exploitation. Microsoft has even released patches for out-of-support operating systems, underscoring the severity of the threat<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<li class=\"my-0\"><strong>Other Critical RCEs: <\/strong>Several other critical RCE vulnerabilities were patched, including in Office components. These are often exploited via malicious documents, making them a favorite vector for phishing campaigns<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<li class=\"my-0\"><strong>Elevation of Privilege and Information Disclosure: <\/strong>These vulnerabilities could allow attackers to gain higher privileges on a system or access sensitive information, respectively. While not always exploited in the wild, they are frequently targeted in advanced attacks<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<\/ol>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>The Unpatched Vulnerability: BadSuccessor<\/strong><\/h2>\n<p class=\"my-0\">Despite the extensive coverage, one notable vulnerability remains unpatched this month: <a href=\"https:\/\/msftnewsnow.com\/dmsa-vulnerability-found-in-windows-server-2025\/\" target=\"_blank\" rel=\"noopener\"><strong>BadSuccessor<\/strong><\/a>. This flaw affects Windows Server 2025 domain controllers and could have significant implications for enterprise environments. Microsoft has not provided a timeline for a fix, so organizations are advised to monitor for updates and apply mitigations if available<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Patch Tuesday: What You Need to Do<\/strong><\/h2>\n<p class=\"my-0\">Given the severity and active exploitation of CVE-2025-33053, it is critical for all users\u2014especially enterprises\u2014to apply the June 2025 Patch Tuesday updates as soon as possible. Here are the recommended steps:<\/p>\n<ol class=\"marker:text-textOff list-decimal\">\n<li>\n<p class=\"my-0\"><strong>Apply All Available Updates:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Use Windows Update to install the latest security patches for Windows, Office, and other affected products.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">For enterprise environments, deploy updates through your patch management system.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Prioritize Critical Systems:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Focus on systems that are exposed to the internet or handle sensitive data.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Ensure domain controllers, file servers, and endpoints are updated promptly.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Monitor for Unpatched Vulnerabilities:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Keep an eye on the status of BadSuccessor and other unpatched vulnerabilities.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Apply mitigations or workarounds if recommended by Microsoft.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Educate Users:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Remind users to be cautious with email attachments and links, especially those that appear to be documents or PDFs.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Conduct regular security awareness training to reduce the risk of phishing.<\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Cybersecurity<\/strong><\/h2>\n<p class=\"my-0\">The June 2025 Patch Tuesday highlights several ongoing trends in cybersecurity:<\/p>\n<ol class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>Zero-Day Exploits Are Increasingly Common:<\/strong><br \/>\nAttackers are leveraging zero-day vulnerabilities to target high-value organizations, often using sophisticated tactics to evade detection.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Legacy Systems Remain at Risk:<\/strong><br \/>\nEven deprecated components like WebDAV can be exploited if not properly secured or removed.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Phishing Remains a Primary Attack Vector:<\/strong><br \/>\nMany critical vulnerabilities are exploited through phishing campaigns, underscoring the need for robust email security and user education.<\/p>\n<\/li>\n<\/ol>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Detailed Technical Overview<\/strong><\/h2>\n<p class=\"my-0\">For those interested in the technical specifics, here is a deeper dive into the key vulnerabilities and their impact:<\/p>\n<ol>\n<li class=\"my-0\"><strong>CVE-2025-33053 \u2013 WebDAV RCE: <\/strong>This vulnerability allows an attacker to execute arbitrary code on a victim\u2019s system by tricking them into opening a specially crafted .url file. The exploit leverages the Windows file execution search order to load malicious code from a remote WebDAV server, using a legitimate Windows utility as a conduit. This technique is highly effective at bypassing traditional security controls, as it does not require the attacker to drop files on the victim\u2019s machine<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<li class=\"my-0\"><strong>Critical Office Vulnerabilities: <\/strong>Four critical RCE vulnerabilities in Office were patched. These are typically exploited via malicious documents, such as Word or Excel files, which are delivered via email. Once opened, the documents execute malicious code, often leading to full system compromise<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<li class=\"my-0\"><strong>Elevation of Privilege and Information Disclosure: <\/strong>These vulnerabilities allow attackers to gain higher privileges or access sensitive information, respectively. They are often used in combination with other exploits to escalate attacks within a network<span class=\"whitespace-nowrap\">.<\/span><\/li>\n<\/ol>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Enterprise Impact and Recommendations<\/strong><\/h2>\n<p class=\"my-0\">For enterprise IT teams, this month\u2019s Patch Tuesday is a reminder of the importance of a robust patch management strategy. Key recommendations include:<\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\"><strong>Automate Patch Deployment:<\/strong><br \/>\nUse automated tools to ensure all systems are updated promptly.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Monitor for Exploits:<\/strong><br \/>\nImplement threat intelligence feeds to stay informed about active exploits and emerging threats.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Segment Networks: <\/strong>Limit the spread of potential attacks by segmenting networks and restricting lateral movement.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\"><strong>Regularly Audit Systems: <\/strong>Ensure that all systems are up to date and that deprecated components are removed or disabled.<\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\">Microsoft\u2019s June 2025 Patch Tuesday is a critical security event, addressing over 65 vulnerabilities\u2014including a zero-day exploit that was actively used in cyber espionage. The updates cover a wide range of products, from Windows and Office to .NET and SharePoint, and are essential for protecting against both known and emerging threats.<\/p>\n<p class=\"my-0\">The active exploitation of CVE-2025-33053 underscores the need for immediate action, especially for enterprises and organizations handling sensitive data. While most vulnerabilities have been patched, the <a href=\"https:\/\/msftnewsnow.com\/dmsa-vulnerability-found-in-windows-server-2025\/\" target=\"_blank\" rel=\"noopener\">unpatched BadSuccessor flaw in Windows Server 2025 domain controllers remains a concern<\/a>.<\/p>\n<p class=\"my-0\">By staying vigilant, applying updates promptly, and educating users, organizations can significantly reduce their risk of falling victim to these and future threats. As always, Microsoft\u2019s Patch Tuesday serves as a reminder of the ever-evolving landscape of cybersecurity and the importance of proactive defense.<\/p>\n<p>To access the full description of <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws\/\" target=\"_blank\" rel=\"noopener\">each vulnerability and the systems it affects<\/a>, check this chart below.<\/p>\n<div>\n<table>\n<tbody>\n<tr>\n<th>Tag<\/th>\n<th>CVE ID<\/th>\n<th>CVE Title<\/th>\n<th>Severity<\/th>\n<\/tr>\n<tr>\n<td>.NET and Visual Studio<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-30399\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-30399<\/a><\/td>\n<td>.NET and Visual Studio Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>App Control for Business (WDAC)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33069\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33069<\/a><\/td>\n<td>Windows App Control for Business Security Feature Bypass Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft AutoUpdate (MAU)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47968\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47968<\/a><\/td>\n<td>Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Local Security Authority Server (lsasrv)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33056\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33056<\/a><\/td>\n<td>Windows Local Security Authority (LSA) Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47164\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47164<\/a><\/td>\n<td>Microsoft Office Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47167\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47167<\/a><\/td>\n<td>Microsoft Office Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47162\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47162<\/a><\/td>\n<td>Microsoft Office Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47173\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47173<\/a><\/td>\n<td>Microsoft Office Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47953\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47953<\/a><\/td>\n<td>Microsoft Office Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Excel<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47165\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47165<\/a><\/td>\n<td>Microsoft Excel Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Excel<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47174\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47174<\/a><\/td>\n<td>Microsoft Excel Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Outlook<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47171\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47171<\/a><\/td>\n<td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Outlook<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47176\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47176<\/a><\/td>\n<td>Microsoft Outlook Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office PowerPoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47175\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47175<\/a><\/td>\n<td>Microsoft PowerPoint Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office SharePoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47172\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47172<\/a><\/td>\n<td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office SharePoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47166\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47166<\/a><\/td>\n<td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office SharePoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47163\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47163<\/a><\/td>\n<td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Word<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47170\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47170<\/a><\/td>\n<td>Microsoft Word Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Word<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47957\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47957<\/a><\/td>\n<td>Microsoft Word Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Word<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47169\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47169<\/a><\/td>\n<td>Microsoft Word Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Word<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47168\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47168<\/a><\/td>\n<td>Microsoft Word Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Nuance Digital Engagement Platform<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47977\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47977<\/a><\/td>\n<td>Nuance Digital Engagement Platform Spoofing Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Remote Desktop Client<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32715\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32715<\/a><\/td>\n<td>Remote Desktop Protocol Client Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Visual Studio<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47959\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47959<\/a><\/td>\n<td>Visual Studio Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>WebDAV<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33053\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33053<\/a><\/td>\n<td>Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Common Log File System Driver<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32713\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32713<\/a><\/td>\n<td>Windows Common Log File System Driver Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Cryptographic Services<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-29828\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-29828<\/a><\/td>\n<td>Windows Schannel Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows DHCP Server<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33050\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33050<\/a><\/td>\n<td>DHCP Server Service Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows DHCP Server<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32725\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32725<\/a><\/td>\n<td>DHCP Server Service Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows DWM Core Library<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33052\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33052<\/a><\/td>\n<td>Windows DWM Core Library Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Hello<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47969\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47969<\/a><\/td>\n<td>Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Installer<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33075\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33075<\/a><\/td>\n<td>Windows Installer Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Installer<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32714\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32714<\/a><\/td>\n<td>Windows Installer Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows KDC Proxy Service (KPSSVC)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33071\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33071<\/a><\/td>\n<td>Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows Kernel<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33067\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33067<\/a><\/td>\n<td>Windows Task Scheduler Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Local Security Authority (LSA)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33057\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33057<\/a><\/td>\n<td>Windows Local Security Authority (LSA) Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Local Security Authority Subsystem Service (LSASS)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32724\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32724<\/a><\/td>\n<td>Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Media<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32716\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32716<\/a><\/td>\n<td>Windows Media Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Netlogon<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33070\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33070<\/a><\/td>\n<td>Windows Netlogon Elevation of Privilege Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows Recovery Driver<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32721\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32721<\/a><\/td>\n<td>Windows Recovery Driver Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Remote Access Connection Manager<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47955\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47955<\/a><\/td>\n<td>Windows Remote Access Connection Manager Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Remote Desktop Services<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32710\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32710<\/a><\/td>\n<td>Windows Remote Desktop Services Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows Routing and Remote Access Service (RRAS)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33064\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33064<\/a><\/td>\n<td>Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Routing and Remote Access Service (RRAS)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33066\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33066<\/a><\/td>\n<td>Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows SDK<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47962\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47962<\/a><\/td>\n<td>Windows SDK Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Secure Boot<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-3052\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-3052<\/a><\/td>\n<td>Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Security App<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47956\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47956<\/a><\/td>\n<td>Windows Security App Spoofing Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Shell<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-47160\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-47160<\/a><\/td>\n<td>Windows Shortcut Files Security Feature Bypass Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows SMB<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33073\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33073<\/a><\/td>\n<td>Windows SMB Client Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows SMB<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32718\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32718<\/a><\/td>\n<td>Windows SMB Client Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Standards-Based Storage Management Service<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33068\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33068<\/a><\/td>\n<td>Windows Standards-Based Storage Management Service Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32719\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32719<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-24065\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-24065<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-24068\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-24068<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33055\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33055<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-24069\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-24069<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33060\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33060<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33059\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33059<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33062\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33062<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33061\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33061<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33058\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33058<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32720\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32720<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33065\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33065<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Management Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-33063\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-33063<\/a><\/td>\n<td>Windows Storage Management Provider Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Storage Port Driver<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32722\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32722<\/a><\/td>\n<td>Windows Storage Port Driver Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Win32K &#8211; GRFX<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2025-32712\" rel=\"nofollow noopener\" target=\"_blank\">CVE-2025-32712<\/a><\/td>\n<td>Win32k Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft\u2019s June 2025 Patch Tuesday has arrived, delivering urgent security fixes for a broad range of its products. The company addressed more than 65 vulnerabilities, including a zero-day exploit that was being actively used in cyber espionage campaigns. This month\u2019s updates are critical for both enterprise and individual users, reinforcing the importance of timely patching &#8230; <a title=\"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed\" class=\"read-more\" href=\"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-june-2025-65-security-fix\/\" aria-label=\"Read more about Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed\">Read more<\/a><\/p>\n","protected":false},"author":208461344,"featured_media":347031,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24,2540],"tags":[1271,778,249,927,926,930,123,32,1251,1175,1083,1188,1275,275,1205,1213,1317,1228],"class_list":["post-347001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-cybersecurity","tag-microsoft","tag-microsoft-edge","tag-microsoft-office","tag-microsoft-outlook","tag-microsoft-word","tag-outlook","tag-patch-tuesday","tag-power-automate","tag-powerpoint","tag-security","tag-sharepoint","tag-visual-studio","tag-windows","tag-windows-10","tag-windows-11","tag-windows-hello","tag-windows-server"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-1sgN","jetpack-related-posts":[{"id":17611,"url":"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-security-updates-6-2024\/","url_meta":{"origin":347001,"position":0},"title":"Microsoft Patch Tuesday security updates June 2024: Critical MSMQ and Wi-Fi driver vulnerabilities fixed","author":"Dave W. Shanahan","date":"June 12, 2024","format":false,"excerpt":"Microsoft Patch Tuesday security updates were released for June 2024, addressing a total of 51 security vulnerabilities across its products. This month's update includes fixes for one critical vulnerability in Microsoft Message Queuing (MSMQ) and another in the Windows Wi-Fi driver, both of which pose significant security risks.","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Patch Tuesday security updates June 2024: Critical MSMQ and Wi-Fi driver vulnerabilities fixed","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/508b9014-2b00-47c4-af7b-ff8c6ccf84f0.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/508b9014-2b00-47c4-af7b-ff8c6ccf84f0.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/508b9014-2b00-47c4-af7b-ff8c6ccf84f0.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/06\/508b9014-2b00-47c4-af7b-ff8c6ccf84f0.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":332492,"url":"https:\/\/msftnewsnow.com\/microsofts-march-2025-patch-tuesday-7-zero-days\/","url_meta":{"origin":347001,"position":1},"title":"Microsoft&#8217;s March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws","author":"Dave W. Shanahan","date":"March 12, 2025","format":false,"excerpt":"Microsoft has released its March 2025 Patch Tuesday updates, resolving a total of 57 security vulnerabilities affecting various products, including Windows, Office, Remote Desktop Services, and more. As reported by Bleeping Computer, among these vulnerabilities are seven critical zero-day flaws\u2014six of which were actively exploited in the wild prior to\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft's March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws, CVE-2025-24983, CVE-2025-24991, CVE-2025-24984, CVE-2025-26630, CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-25001, CVE-2025-25002, CVE-2025-25003, CVE-2025-25004, CVE-2025-25005","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":18938,"url":"https:\/\/msftnewsnow.com\/july-2024-patch-tuesday-update-142-vulnerabilities\/","url_meta":{"origin":347001,"position":2},"title":"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities","author":"Dave W. Shanahan","date":"July 9, 2024","format":false,"excerpt":"The July 2024 Patch Tuesday underscores the ongoing importance of regular security updates in the face of evolving cyber threats. With 142 vulnerabilities addressed, including critical and actively exploited flaws, it's crucial for users and administrators to apply these updates as soon as possible to maintain the security of their\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft releases critical July 2024 Patch Tuesday updates, addressing 142 vulnerabilities","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/07\/un2ya4gejp8770e67u7p.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":346470,"url":"https:\/\/msftnewsnow.com\/dmsa-vulnerability-found-in-windows-server-2025\/","url_meta":{"origin":347001,"position":3},"title":"Critical dMSA Vulnerability Found in Windows Server 2025, Dubbed &#8220;BadSuccessor,&#8221; Patch Expected Soon","author":"Dave W. Shanahan","date":"June 6, 2025","format":false,"excerpt":"A newly discovered vulnerability in Windows Server 2025\u2019s delegated Managed Service Account (dMSA) feature has sent shockwaves through the cybersecurity community. Dubbed \u201cBadSuccessor,\u201d this flaw allows attackers with minimal permissions to escalate privileges and potentially compromise entire Active Directory (AD) domains. What Is the dMSA Feature in Windows Server 2025?\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Critical dMSA Vulnerability Found in Windows Server 2025, Dubbed \"BadSuccessor,\" Patch Expected Soon","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/image-14.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/image-14.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/image-14.jpeg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/image-14.jpeg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":329309,"url":"https:\/\/msftnewsnow.com\/microsoft-issues-largest-security-update-in-years\/","url_meta":{"origin":347001,"position":4},"title":"Microsoft issues largest security update in years for Patch Tuesday January 2025, patches 3 critical zero-day vulnerabilities","author":"Dave W. Shanahan","date":"January 15, 2025","format":false,"excerpt":"Microsoft has released its first Patch Tuesday update of 2025, addressing a staggering 161 security vulnerabilities - the largest number of fixes in a single month since 2017. As reported by Bleeping Computer, the massive update includes security patches for three actively exploited zero-day flaws and multiple critical vulnerabilities that\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft issues January 2025 largest security updates in years, patches 3 critical zero-day vulnerabilities for January 2025","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":20674,"url":"https:\/\/msftnewsnow.com\/cve-2024-38063-zero-click-tcp-ip-rce-2024-38193\/","url_meta":{"origin":347001,"position":5},"title":"Microsoft patches critical zero-click TCP\/IP RCE flaw CVE-2024-38063, North Korea&#8217;s Lazarus Group exploits zero-day flaw, CVE-2024-38193","author":"Dave W. Shanahan","date":"August 19, 2024","format":false,"excerpt":"Microsoft has patched two critical security flaws in Windows, a zero-click TCP\/IP RCE flaw (CVE-2024-38063) and a zero-day flaw (CVE-2024-38193) exploited by North Korea's Lazarus Group. The zero-click flaw could allow unauthenticated remote code execution attacks on Windows systems with IPv6 enabled, while the zero-day flaw was used by the\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft August 2024 Patch Tuesday updates; New fixes for 9 zero-days, 6 exploited vulnerabilities, Microsoft patches critical zero-click TCP\/IP RCE flaw CVE-2024-38063, North Korea's Lazarus Group exploits zero-day flaw, CVE-2024-38193","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2024\/08\/shanabanana223_graphic_about_microsofts_patch_tuesday_updates_aa264a62-d51d-471b-b46d-340780a8b17e.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/347001","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=347001"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/347001\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/347031"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=347001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=347001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=347001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}