Description:
Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
Reports indicated that the remote code execution vulnerability (CVE-2025-33053) in Microsoft Windows and Server is being exploited in the wild. In addition, the technical details of the elevation of privilege vulnerability (CVE-2025-33073) were publicly disclosed. System administrators and users are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- Microsoft Windows 10, 11
- Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, 2022, 2022, 23H2 Edition, 2025
- Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, LTSC for Mac 2021, LTSC for Mac 2024, for Android
- Office Online Server
- Microsoft Excel 2016
- Microsoft Word 2016
- Microsoft PowerPoint 2016
- Microsoft Outlook 2016
- Microsoft 365 Apps for Enterprise
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Server 2019, Subscription Edition
- Microsoft Visual Studio 2022
- .NET 8.0 installed, 8.0 installed on Linux, 8.0 installed on Mac OS, 9.0 installed, 9.0 installed on Linux, 9.0 installed on Mac OS
- Microsoft AutoUpdate for Mac
- Remote Desktop client for Windows Desktop
- Windows App Client for Windows Desktop
- Windows Security App
- Windows SDK
Impact:
Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass or spoofing on an affected system.
Recommendation:
Patches for affected products are available from Windows Update / the Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
More Information:
- https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
- https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-june-2025
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24065
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24068 (to CVE-2025-24069)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29828
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30399
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32710
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32712 (to CVE-2025-32722)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32724 (to CVE-2025-32725)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33052 (to CVE-2025-33053)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33055 (to CVE-2025-33071)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33075
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47162 (to CVE-2025-47176)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47953
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47955 (to CVE-2025-47957)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47959
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47962
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47968 (to CVE-2025-47969)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47977