This article discusses Microsoft’s June 2025 Patch Tuesday, which resolves 66 vulnerabilities including one actively exploited zero-day and one publicly disclosed zero-day. Key fixes target critical remote code execution and privilege escalation flaws, with additional updates from various vendors addressing vulnerabilities across multiple products. #WEBDAV #SMBClient #StealthFalcon
Keypoints
- Microsoft released security updates fixing 66 vulnerabilities, including critical zero-days.
- The actively exploited zero-day CVE-2025-33053 affects WebDAV and was exploited by the Stealth Falcon threat group.
- The publicly disclosed zero-day CVE-2025-33073 impacts Windows SMB, allowing privilege escalation.
- Several other vendors, including Adobe, Cisco, and Google, released patches for their products in June 2025.
- Most vulnerabilities addressed are remotely exploitable, emphasizing the importance of applying updates promptly.