Microsoft Patch Tuesday: June 2025

On 10 June 2025, Microsoft released its June 2025 security update, addressing 66 newly disclosed vulnerabilities. Arctic Wolf has highlighted five of these vulnerabilities in this security bulletin due to their potential impact. 

Vulnerabilities 

Vulnerability  CVSS  Description  Exploited? 
CVE-2025-33053  8.8  Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability – A remote threat actor can exploit this vulnerability to execute code over the network by leveraging external control of file name or path in WebDAV. WebDAV is a protocol that allows users to remotely manage and edit files on web servers. According to Check Point researchers, the threat group Stealth Falcon exploited CVE-2025-33053 as a zero-day vulnerability, using it to compromise government and defense entities in the Middle East.  Yes 
CVE-2025-47162  8.4  Microsoft Office Remote Code Execution Vulnerability – A heap-based buffer overflow flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.  No 
CVE-2025-47164  8.4  Microsoft Office Remote Code Execution Vulnerability – A use after free (UAF) flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.  No 
CVE-2025-47167  8.4  Microsoft Office Remote Code Execution Vulnerability – A type confusion flaw in Microsoft Office that allows unauthorised threat actors to execute code locally. Although the threat actor may be remote, exploitation requires code execution on the local machine.  No 
CVE-2025-33073  8.8  Windows SMB (Server Message Block) Client Elevation of Privilege Vulnerability – A remote threat actor can exploit this vulnerability by executing a specially crafted script to coerce a victim machine into connecting to a malicious SMB server and authenticating, potentially leading to elevation of privilege. Microsoft has indicated that a proof-of-concept (PoC) exploit exists for this vulnerability.  No 

Recommendation 

Upgrade to Latest Fixed Versions 

Arctic Wolf strongly recommends that customers upgrade to the latest fixed versions. 

Affected Product  CVE  Update Article 
Windows Server 2025  CVE-2025-33053, CVE-2025-33073  5060842, 5060841 
Windows Server 2022, 23H2 Edition (Server Core installation)  CVE-2025-33053, CVE-2025-33073  5060118 
Windows Server 2022  CVE-2025-33053, CVE-2025-33073  5060526, 5060525 
Windows Server 2019  CVE-2025-33053, CVE-2025-33073  5060531, 5061010 
Windows Server 2016  CVE-2025-33073  5061010 
Windows Server 2012 R2  CVE-2025-33053, CVE-2025-33073  5061018, 5060996 
Windows Server 2012  CVE-2025-33053, CVE-2025-33073  5061059, 5060996 
Windows Server 2008 R2 for x64-based Systems Service Pack 1  CVE-2025-33053, CVE-2025-33073  5061078, 5060996, 5061036 
Windows Server 2008 for 32-bit, and x64-based Systems Service Pack 2  CVE-2025-33053, CVE-2025-33073  5061026, 5060996, 5061072 
Windows 11 Version 24H2 for x64-based, and ARM64-based Systems  CVE-2025-33053, CVE-2025-33073  5060842, 5060841 
Windows 11 Version 23H2 for x64-based, and ARM64-based Systems  CVE-2025-33053, CVE-2025-33073  5060999 
Windows 11 Version 22H2 for x64-based, and ARM64-based Systems  CVE-2025-33053, CVE-2025-33073  5060999 
Windows 10 Version 22H2 for 32-bit, x64-based, and ARM64-based Systems  CVE-2025-33053, CVE-2025-33073  5060533 
Windows 10 Version 21H2 for 32-bit, x64-based, and ARM64-based Systems  CVE-2025-33053, CVE-2025-33073  5060533 
Windows 10 Version 1809 for 32-bit, and x64-based Systems  CVE-2025-33053, CVE-2025-33073  5060531 
Windows 10 Version 1607 for 32-bit, and x64-based Systems  CVE-2025-33053, CVE-2025-33073  5061010 
Windows 10 for 32-bit, and x64-based Systems  CVE-2025-33053, CVE-2025-33073  5060998 
Microsoft Office LTSC for Mac 2024  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Release Notes 
Microsoft Office LTSC for Mac 2021  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Release Notes 
Microsoft Office LTSC 2024 for 32-bit, and 64-bit editions  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Click to Run 
Microsoft Office LTSC 2021 for 32-bit, and 64-bit editions  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Click to Run 
Microsoft Office for Android  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Release Notes 
Microsoft Office 2019 for 32-bit, and 64-bit editions  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Click to Run 
Microsoft Office 2016 32-bit, and 64-bit editions  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  5002730, 5002616 
Microsoft 365 Apps for Enterprise for 32-bit, and 64-bit Systems  CVE-2025-47162, CVE-2025-47164, CVE-2025-47167  Click to Run 

 

Please follow your organisation’s patching and testing guidelines to minimise potential operational impact. 
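
One way to check hosts against the Windows rows of the table above, as an added example that is not Arctic Wolf's or Microsoft's code. The function name Test-June2025Update and the variable $June2025Kbs are hypothetical, the product keys are shortened forms of a subset of the table rows, and treating any one listed KB as sufficient is an assumption the bulletin does not state.

```powershell
# Added example. KB numbers are copied from the "Update Article" column above.
# Keys are shortened product names; only a subset of the Windows rows is included.
# Assumption: any one KB listed for a row carries the fix for that product.
$June2025Kbs = @{
    'Windows Server 2025'     = 5060842, 5060841
    'Windows Server 2022'     = 5060526, 5060525
    'Windows Server 2019'     = 5060531, 5061010
    'Windows Server 2016'     = 5061010
    'Windows Server 2012 R2'  = 5061018, 5060996
    'Windows 11 Version 24H2' = 5060842, 5060841
    'Windows 11 Version 23H2' = 5060999
    'Windows 10 Version 22H2' = 5060533
}

function Test-June2025Update {
    param(
        [Parameter(Mandatory)][string]$Product,
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    if (-not $June2025Kbs.ContainsKey($Product)) {
        throw "No row for '$Product'. Known rows: $($June2025Kbs.Keys -join '; ')"
    }
    # Get-HotFix reports IDs in the form "KB5060526"
    $wanted = @($June2025Kbs[$Product] | ForEach-Object { "KB$_" })

    foreach ($computer in $ComputerName) {
        $found  = @()
        $status = 'NotListed'
        try {
            $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $wanted -contains $_.HotFixID })
            if ($found.Count -gt 0) { $status = 'Present' }
        } catch {
            # Unreachable host or access denied: report it instead of guessing
            $status = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            ComputerName = $computer
            Product      = $Product
            Expected     = $wanted -join ', '
            Found        = ($found.HotFixID | Sort-Object -Unique) -join ', '
            Status       = $status
        }
    }
}

# Local host, checked against the Windows Server 2022 row
Test-June2025Update -Product 'Windows Server 2022'
```

A NotListed result needs follow-up rather than being read as proof of exposure: a host that has since installed a later cumulative update may no longer list the June KB.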
