ºÚÁÏÉç

Security Bulletin text on the screen with a wolf in the background
Security Bulletin text on the screen with a wolf in the background
Back to blog

Microsoft Patch Tuesday: June 2025

On 10 June 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in this security bulletin due to their potential impact.?
Security Bulletin text on the screen with a wolf in the background
6 min read

On 10 June 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in this security bulletin due to their potential impact.?

Vulnerabilities?

Vulnerability? CVSS? Description? Exploited??
? 8.8? Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability – A remote threat actor can exploit this vulnerability to execute code over the network by leveraging external control of file name or path in WebDAV. WebDAV is a protocol that allows users to remotely manage and edit files on web servers.?

  • According to researchers, the threat group Stealth Falcon exploited CVE-2025-33053 as a zero-day vulnerability, using it to compromise government and defense entities in the Middle East.?
 Yes?
? 8.4? Microsoft Office Remote Code Execution Vulnerability – A heap-based buffer overflow flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.? No?
? 8.4? Microsoft Office Remote Code Execution Vulnerability – A use after free (UAF) flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.? No?
? 8.4? Microsoft Office Remote Code Execution Vulnerability – A type confusion flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.? No?
? 8.8? Windows SMB (Server Message Block) Client Elevation of Privilege Vulnerability – A remote threat actor can exploit this vulnerability by executing a specially crafted script to coerce a victim machine into connecting to a malicious SMB server and authenticating, potentially leading to elevation of privilege.?

  • Microsoft has indicated that a proof-of-concept (PoC) exploit exists for this vulnerability.?
 No?

Recommendation?

Upgrade to Latest Fixed Versions?

Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions.?

Affected Product? CVE? Update Article?
Windows Server 2025? CVE-2025-33053, CVE-2025-33073? , ?
Windows Server 2022, 23H2 Edition (Server Core installation)? CVE-2025-33053, CVE-2025-33073? ?
Windows Server 2022? CVE-2025-33053, CVE-2025-33073? , ?
Windows Server 2019? CVE-2025-33053, CVE-2025-33073? , ?
Windows Server 2016? CVE-2025-33073? ?
Windows Server 2012 R2? CVE-2025-33053, CVE-2025-33073? , ?
Windows Server 2012? CVE-2025-33053, CVE-2025-33073? , ?
Windows Server 2008 R2 for x64-based Systems Service Pack 1? CVE-2025-33053, CVE-2025-33073? , , ?
Windows Server 2008 for 32-bit, and x64-based Systems Service Pack 2? CVE-2025-33053, CVE-2025-33073? , , ?
Windows 11 Version 24H2 for x64-based, and ARM64-based Systems? CVE-2025-33053, CVE-2025-33073? , ?
Windows 11 Version 23H2 for x64-based, and ARM64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 11 Version 22H2 for x64-based, and ARM64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 10 Version 1809 for 32-bit, and x64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 10 Version 1607 for 32-bit, and x64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Windows 10 for 32-bit, and x64-based Systems? CVE-2025-33053, CVE-2025-33073? ?
Microsoft Office LTSC for Mac 2024? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office LTSC for Mac 2021? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office LTSC 2024 for 32-bit, and 64-bit editions? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office LTSC 2021 for 32-bit, and 64-bit editions? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office for Android? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office 2019 for 32-bit, and 64-bit editions? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?
Microsoft Office 2016 32-bit, and 64-bit editions? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? , ?
Microsoft 365 Apps for Enterprise for 32-bit, and 64-bit Systems? CVE-2025-47162, CVE-2025-47164, CVE-2025-47167? ?

 

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.?

References?

Resources

Understand the threat landscape, and how to better defend your organisation, with the 2025 Arctic Wolf Threat Report

See how Arctic Wolf utilises threat intelligence to harden your attack surface and stop threats earlier and faster

Popular Topics
View all posts
Share this post:

What to read next

Back to Blog
Arctic Wolf Blog Featured Image
6 min read

Microsoft Patch Tuesday: April 2026

April 14, 2026

View Post
Arctic Wolf Blog Featured Image
2 min read

CVE-2026-2699 & CVE-2026-2701: Progress ShareFile Storage Zones Controller Pre-Auth RCE Chain

April 6, 2026

View Post
Arctic Wolf Blog Featured Image
4 min read

Supply Chain Attack Impacts Widely Used Axios npm Package

March 31, 2026

View Post
Arctic Wolf Blog Featured Image
2 min read

CVE-2025-53521: F5 BIG-IP APM Vulnerability Reclassified as Unauthenticated RCE and Exploited in the Wild

March 31, 2026

View Post