Patch Tuesday June 2025

Microsoft's June 2025 Patch Tuesday release delivers patches for 67 vulnerabilities, including 1 zero-day, 1 previously disclosed issue, and 11 classified as Critical. MSPs should prioritize deployment to protect both their infrastructure and client environments from these high-risk vulnerabilities. 

Key Vulnerabilities Addressed 

CVE-2025-33053 – WebDAV Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A vulnerability in WebDAV allows external control of file names or paths, enabling unauthorized attackers to execute code over a network. 

• Risk: This zero-day vulnerability is actively exploited in the wild through social engineering attacks that trick users into clicking specially crafted URLs. 

• MSP Relevance: With a CVSS score of 8.8 and confirmed active exploitation, this vulnerability requires immediate patching priority across all managed environments. 

CVE-2025-47966 – Power Automate Privilege Escalation 

• Impact: Elevation of Privilege 

• Description: This vulnerability exposes sensitive information to unauthorized actors in Power Automate, allowing attackers to elevate privileges over a network. 

• Risk: The vulnerability carries the highest CVSS score of 9.8 in this patch cycle, though it affects a cloud service requiring no customer action. This CVE was included in June’s Patch Tuesday release to provide further transparency. 

• MSP Relevance: Microsoft manages the remediation process directly, reducing the impact on customer environments while maintaining high severity. 

CVE-2025-33073 – Windows SMB Client Privilege Escalation 

• Impact: Elevation of Privilege 

• Description: Improper access control in Windows SMB client allows authorized attackers to elevate privileges to SYSTEM level over a network. To exploit this vulnerability, an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate resulting in SYSTEM-level privileges. 

• Risk: This previously disclosed vulnerability enables attackers to compromise systems by convincing victims to connect to malicious SMB servers. 

• MSP Relevance: The CVSS score of 8.8 combined with network-based exploitation paths poses significant risks to environments using SMB protocols. 

CVE-2025-47162 – Microsoft Office Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A heap-based buffer overflow in Microsoft Office allows unauthorized attackers to execute code locally. 

• Risk: This vulnerability carries an "Exploitation More Likely" rating and can be triggered through the Preview Pane attack vector. 

• MSP Relevance: This is the perfect type of exploit to be used in a malicious email for initial access as it is triggered via the Preview Pane so does not even require user input. 

CVE-2025-47164 – Microsoft Office Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A use-after-free vulnerability in Microsoft Office allows unauthorized attackers to execute code locally. 

• Risk: This vulnerability is rated as "Exploitation More Likely" and poses immediate threats to Office users. 

• MSP Relevance: With a CVSS score of 8.4, this vulnerability requires priority patching across all managed Office deployments. 

CVE-2025-47167 – Microsoft Office Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A type confusion vulnerability in Microsoft Office allows unauthorized attackers to execute code locally. 

• Risk: This vulnerability carries an "Exploitation More Likely" rating and can be exploited through the Preview Pane attack vector. 

• MSP Relevance: The CVSS score of 8.4 combined with Preview Pane exploitation makes this a critical concern for organizations using Office Preview features. 

CVE-2025-47953 – Microsoft Office Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A use-after-free vulnerability in Microsoft Office allows unauthorized attackers to execute code locally. 

• Risk: This vulnerability can be exploited through the Preview Pane attack vector, increasing the likelihood of successful exploitation. 

• MSP Relevance: With a CVSS score of 8.4, organizations must prioritize patching and consider disabling Preview Pane functionality temporarily. 

CVE-2025-47172 – Microsoft SharePoint Server Remote Code Execution 

• Impact: Remote Code Execution 

• Description: Improper neutralization of SQL command elements in SharePoint allows authenticated attackers to execute code over a network. 

• Risk: This vulnerability requires a minimum of Site Member permissions but enables remote code execution on SharePoint servers. 

• MSP Relevance: The CVSS score of 8.8 represents a significant threat to organizations using SharePoint for collaboration and document management. 

CVE-2025-33070 – Windows Netlogon Privilege Escalation 

• Impact: Elevation of Privilege 

• Description: The use of uninitialized resources in Windows Netlogon allows unauthorized attackers to gain domain administrator privileges. 

• Risk: Attackers can achieve unauthenticated remote code execution by sending specially crafted authentication requests to domain controllers. 

• MSP Relevance: With a CVSS score of 8.1 and the potential for domain-level compromise, this vulnerability is critical for Active Directory environments. 

CVE-2025-33071 – Windows KDC Proxy Service RCE 

• Impact: Remote Code Execution 

• Description: A use-after-free vulnerability in Windows KDC Proxy Service enables unauthorized attackers to execute code over a network, though successful exploitation requires winning a race condition. 

• Risk: This vulnerability specifically affects Windows Servers configured as KDC Proxy Protocol servers, while domain controllers remain unaffected. 

• MSP Relevance: The CVSS score of 8.1 targets specific server configurations that require immediate assessment and patching. 

CVE-2025-29828 – Windows Schannel Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A memory management flaw in Windows Cryptographic Services allows unauthorized attackers to execute code over a network after sending a large number of messages. 

• Risk: Attackers can exploit this vulnerability by sending malicious fragmented ClientHello messages to servers that accept TLS connections. 

• MSP Relevance: The CVSS score of 8.1 affects any services utilizing TLS encryption, requiring comprehensive assessment of TLS-enabled infrastructure. 

CVE-2025-32710 – Windows Remote Desktop Services Remote Code Execution 

• Impact: Remote Code Execution 

• Description: A use-after-free vulnerability in Windows Remote Desktop Services allows unauthorized attackers to execute code over a network, though exploitation requires winning a race condition. 

• Risk: Attackers can exploit this vulnerability by attempting connections to systems with the Remote Desktop Gateway role to trigger the race condition. 

• MSP Relevance: With a CVSS score of 8.1, this vulnerability specifically targets remote access infrastructure that many organizations depend on for remote work capabilities. 

Why It Matters to MSPs 

These vulnerabilities present multiple serious risks to managed service providers and their clients: 

1. Active Zero-Day Exploitation Targeting End Users: CVE-2025-33053 WebDAV vulnerability is being exploited in the wild through social engineering attacks that trick users into clicking malicious URLs, requiring immediate emergency patching across all client environments and review of WebDAV usage policies. 

2. Domain-Wide Compromise Potential: CVE-2025-33070 Netlogon vulnerability enables unauthenticated attackers to gain domain administrator privileges, threatening entire Active Directory infrastructures that MSPs manage and requiring priority patching of all domain controllers. 

3. Silent Office Infections via Preview Pane: Five critical Office vulnerabilities exploit Preview Pane functionality to execute code without users opening files, creating a significant attack surface that requires immediate Preview Pane disabling across managed environments until patching is complete. 

4. Remote Work Infrastructure Under Attack: Critical vulnerabilities in RDP Services and TLS/Schannel target the remote access infrastructure that MSPs extensively manage for distributed workforces, necessitating immediate auditing and patching of all remote access gateways.