Today marks Microsoft Patch Tuesday for June 2025, with 66 vulnerabilities addressed.

This update includes two zero-day vulnerabilities and several other high-severity remote code execution vulnerabilities. One of the zero-day vulnerabilities is actively being exploited, so it’s crucial to apply the relevant patches as soon as possible.

Notable Vulnerabilities for June

• CVE-2025-33053: A zero-day vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) protocol affects all supported Windows versions. If exploited, it could allow attackers to execute remote code on the target system.
• CVE-2025-33073: This zero-day vulnerability in the Windows SMB Client could enable attackers to elevate their privileges on the target system if successfully exploited.
• CVE-2025-33064: A vulnerability in Windows Routing and Remote Access Service (RRAS) that could allow remote code execution if exploited.
• CVE-2025-33066: Another vulnerability in Windows RRAS that could lead to remote code execution if successfully exploited.
• CVE-2025-47172: A SQL injection vulnerability in Microsoft SharePoint Server that could result in remote code execution if exploited.
• CVE-2025-47163: A vulnerability in Microsoft SharePoint Server that could allow remote code execution if successfully exploited.

For more detailed information on these and other vulnerabilities, please refer to the release notes.

Need help addressing the above in your own organization? Speak to an Outpost24 expert.