Microsoft’s Latest Update Patches Two Zero-Day Vulnerabilities
Microsoft just released its Patch Tuesday update for June, which fixes 66 security vulnerabilities in Windows and Microsoft systems. Two of the vulnerabilities are zero-days: one is actively exploited, the other is publicly disclosed, and 10 bugs are rated critical.
As Bleeping Computer notes , this month’s patch fixes 13 privilege escalation vulnerabilities, three security feature bypass vulnerabilities, 25 remote code execution vulnerabilities, 17 information disclosure vulnerabilities, six denial of service vulnerabilities, and two spoofing vulnerabilities. Eight remote code execution vulnerabilities are labeled “critical,” along with two privilege escalation vulnerabilities.
Zero-day vulnerabilities patched in June 2025.
June’s Patch Tuesday addresses two zero-day vulnerabilities that are either actively exploited in the wild or become publicly known before a patch is officially released to users.
An active exploit (CVE-2025-33053) is a remote code execution vulnerability in Microsoft Windows Web Distributed Authoring and Versioning that allows attackers to execute arbitrary code on an affected system if a user clicks on a “specially crafted” WebDav URL. The vulnerability was discovered by Check Point Research and exploited by a group called “Stealth Falcon.”
The publicly disclosed zero-day vulnerability (CVE-2025-33073) is a Windows SMB vulnerability that allows an attacker to gain SYSTEM privileges by executing a malicious script. Microsoft did not provide further details, although it attributes the discovery to several researchers representing various cybersecurity teams.
Five of the critical vulnerabilities fixed this month are in Microsoft Office, including Excel and SharePoint. The remaining issues were spread to Power Automate, Windows Cryptographic Services, Windows KDC Proxy Service, Windows Netlogon and Windows Remote Desktop Services.
What Microsoft Users Need to Do Now
In most cases, Microsoft and Windows security updates will be automatically downloaded and installed on your device, but you can make sure you have the latest version by going to Start > Settings > Windows Update and selecting Check for Windows updates .
Microsoft typically releases Patch Tuesday patches on the second Tuesday of the month. Timely updates are essential to minimizing the risk of your device or system being vulnerable to exploits.