June 2025 Patch Tuesday: Major Security Updates from Microsoft
Microsoft has released its Patch Tuesday update for June, with fixes for a total of 66 security issues affecting Windows and other Microsoft platforms. Two of these vulnerabilities are classified as zero-days (one currently being exploited and another that has been publicly disclosed), and 10 others are rated critical.
According to Bleeping Computer, this month’s updates address a range of security concerns: 13 related to elevation-of-privilege, three for security-feature bypass, 25 that allow remote code execution, 17 linked to information disclosure, six denial-of-service issues, and two related to spoofing. Notably, eight remote-code-execution vulnerabilities and two elevation-of-privilege flaws are categorized as critical.
Zero-Day Vulnerabilities Resolved in June 2025
This month’s Patch Tuesday specifically addresses two zero-day vulnerabilities. These are issues that are either under active exploitation or have been publicly disclosed prior to the availability of a fix.
The zero-day being exploited in the wild (CVE-2025-33053) is a remote-code-execution vulnerability in Microsoft Windows Web Distributed Authoring and Versioning (WebDAV), which could allow malicious actors to run arbitrary code if a user interacts with a specially crafted WebDAV URL. The flaw was discovered by Check Point Research and is actively being exploited by a group known as “Stealth Falcon.”
The second zero-day (CVE-2025-33073) is an elevation-of-privilege vulnerability in Windows SMB that enables an attacker to escalate privileges to SYSTEM by running a malicious script. Microsoft has not released further details but credits multiple cybersecurity research teams with its discovery.
This month's release also addresses five critical vulnerabilities in Microsoft Office, affecting applications such as Excel and SharePoint. Other issues are spread across various services, including Power Automate, Windows Cryptographic Services, Windows KDC Proxy Service, Windows Netlogon, and Windows Remote Desktop Services.
Action Steps for Microsoft Users
Most security updates from Microsoft are automatically downloaded and installed on devices. However, to confirm you have the latest updates, navigate to Start > Settings > Windows Update and select Check for updates.
Patch Tuesday updates are typically rolled out on the second Tuesday of every month. Installing them promptly reduces the window in which the vulnerabilities they fix can be exploited.
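To make the same check from a terminal, the following PowerShell script (an added example, not from Microsoft or the sources cited in this article) computes the most recent second Tuesday and compares it with the newest dated entry returned by Get-HotFix. The function name Get-PatchTuesday is hypothetical, and the script assumes PowerShell 5.1 or later on the Windows machine being checked.

```powershell
# Added example: flag a machine that has installed no Windows update
# since the most recent Patch Tuesday (second Tuesday of the month).

function Get-PatchTuesday {
    # Hypothetical helper: returns the second Tuesday of the month containing $Month.
    param([datetime]$Month = (Get-Date))
    $first  = [datetime]::new($Month.Year, $Month.Month, 1)
    # Days from the 1st to the first Tuesday (0 if the 1st is a Tuesday).
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

$today   = (Get-Date).Date
$release = Get-PatchTuesday -Month $today
if ($release -gt $today) {
    # This month's release has not happened yet; use last month's.
    $release = Get-PatchTuesday -Month $today.AddMonths(-1)
}

# InstalledOn can be empty for some entries, so drop those before sorting.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if (-not $latest) {
    Write-Warning "No dated hotfix entries found; check Windows Update manually."
}
elseif ($latest.InstalledOn.Date -lt $release) {
    Write-Warning ("Newest update {0} was installed {1:yyyy-MM-dd}, before Patch Tuesday {2:yyyy-MM-dd}." -f `
        $latest.HotFixID, $latest.InstalledOn, $release)
}
else {
    Write-Output ("Newest update {0} was installed {1:yyyy-MM-dd}, on or after Patch Tuesday {2:yyyy-MM-dd}." -f `
        $latest.HotFixID, $latest.InstalledOn, $release)
}
```

Get-HotFix reports only Windows component updates, so Office updates are not reflected in the result, and a recent install date does not by itself confirm that this month's cumulative update is the one installed.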