Microsoft and Adobe: Microsoft and Adobe Patch Tuesday, June 2025 Security Update Review

Microsoft and Adobe Address Critical Vulnerabilities in June 2025 Patch Tuesday

Microsoft’s June 2025 Patch Tuesday released fixes for 69 vulnerabilities, including 10 critical and 57 important flaws across Windows, enterprise products, and Microsoft Edge. Among these, two zero-day vulnerabilities were patched—one actively exploited in the wild and another publicly disclosed.

Key Vulnerabilities and Exploits

  • Zero-Day Exploits:

    • CVE-2025-33053 (WebDAV RCE): A remote code execution (RCE) flaw in WebDAV, exploited by the APT group Stealth Falcon (FruityArmor), allows unauthenticated attackers to execute code if a user opens a malicious file. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added this to its Known Exploited Vulnerabilities Catalog, mandating patches by July 1, 2025.
    • Windows SMB Privilege Escalation: An improper access control flaw enables authenticated attackers to gain SYSTEM privileges.
  • Critical RCE Flaws:

    • Windows Cryptographic Services (TLS ClientHello Fragmentation): Allows unauthenticated RCE via maliciously crafted TLS handshakes.
    • Windows Remote Desktop Services (RDS): A use-after-free vulnerability enables RCE if an attacker wins a race condition.
    • Microsoft Office (Heap Buffer Overflow & Use-After-Free): Multiple RCE flaws, including CVE-2025-47953 and CVE-2025-47164, could be triggered by opening malicious files.
    • Windows KDC Proxy Service (KPSSVC): A use-after-free flaw permits unauthenticated RCE.
    • Windows Netlogon (Uninitialized Resource Use): Enables privilege escalation to SYSTEM.
  • Other High-Impact Flaws:

    • Windows Common Log File System Driver (CVE-2025-32713): Elevation of privilege to SYSTEM.
    • Windows Installer (CVE-2025-32714) & Windows SDK (CVE-2025-47962): Improper access controls allowing SYSTEM privilege escalation.
    • Power Automate (Information Disclosure): Exposes sensitive data to unauthenticated attackers.
    • Microsoft Office SharePoint (SQL Injection): Authenticated RCE via improperly neutralized SQL commands.

Adobe’s June 2025 Security Updates

Adobe released seven advisories addressing 254 vulnerabilities in products including:

  • Adobe InCopy, Experience Manager, Commerce, InDesign, Substance 3D Sampler/Painter, and Acrobat Reader.
  • 18 critical flaws could lead to privilege escalation, security feature bypass, and arbitrary code execution.

Affected Microsoft Products

The updates cover vulnerabilities in:

  • Windows OS components (SMB, LSASS, DWM Core Library, DHCP Server, KDC Proxy Service).
  • Microsoft Office (Word, Excel, Outlook, PowerPoint, SharePoint).
  • Enterprise tools (Visual Studio, Power Automate, Remote Desktop Services, Netlogon).
  • Security features (Schannel, Secure Boot, Windows Hello).

Microsoft’s next Patch Tuesday is scheduled for July 8, 2025. Organizations are advised to prioritize patching, particularly for zero-day and critical RCE vulnerabilities, to mitigate active exploitation risks.

Source: https://blog.qualys.com/vulnerabilities-threat-research/2025/06/10/microsoft-and-adobe-patch-tuesday-june-2025-security-update-review

Microsoft TPRM report: https://www.rankiteo.com/company/microsoft

Adobe TPRM report: https://www.rankiteo.com/company/adobe

"id": "micado1767020959",
"linkid": "microsoft, adobe",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Millions of users and '
                                              'organizations worldwide',
                        'industry': 'Software',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'size': 'Enterprise',
                        'type': 'Technology Company'},
                       {'customers_affected': 'Millions of users and '
                                              'organizations worldwide',
                        'industry': 'Software',
                        'location': 'Global',
                        'name': 'Adobe',
                        'size': 'Enterprise',
                        'type': 'Technology Company'}],
 'attack_vector': ['Network', 'Local', 'Remote'],
 'customer_advisories': 'Public disclosure via Patch Tuesday release notes and '
                        'security blogs.',
 'data_breach': {'data_exfiltration': 'Possible (via WebDAV zero-day)',
                 'personally_identifiable_information': 'Possible',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive system information',
                                              'Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2025-06-11',
 'date_publicly_disclosed': '2025-06-11',
 'date_resolved': '2025-06-11',
 'description': 'Microsoft’s June 2025 Patch Tuesday addressed 69 '
                'vulnerabilities, including 10 critical and 57 important '
                'severity vulnerabilities. The updates include fixes for one '
                'zero-day vulnerability being exploited in the wild and one '
                'publicly disclosed vulnerability. Adobe also released patches '
                'for 254 vulnerabilities across multiple products.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exploitation of unpatched '
                                       'vulnerabilities',
            'data_compromised': ['Sensitive Information (Power Automate)',
                                 'Personally Identifiable Information (PII)'],
            'identity_theft_risk': 'High (if PII is compromised)',
            'operational_impact': 'Potential system compromise, privilege '
                                  'escalation, and remote code execution',
            'systems_affected': ['Windows OS',
                                 'Microsoft Office',
                                 'Microsoft Office SharePoint',
                                 'Microsoft Edge (Chromium-based)',
                                 'Windows Remote Desktop Services',
                                 'Windows Cryptographic Services',
                                 'Windows DHCP Server',
                                 'Windows KDC Proxy Service (KPSSVC)',
                                 'Windows DWM Core Library',
                                 'Windows LSASS',
                                 'Adobe InCopy',
                                 'Adobe Experience Manager',
                                 'Adobe Commerce',
                                 'Adobe InDesign',
                                 'Adobe Substance 3D Sampler',
                                 'Adobe Acrobat Reader',
                                 'Adobe Substance 3D Painter']},
 'initial_access_broker': {'entry_point': 'WebDAV (CVE-2025-33053)'},
 'investigation_status': 'Completed',
 'lessons_learned': 'Importance of timely patching, especially for zero-day '
                    'vulnerabilities. Need for enhanced monitoring and network '
                    'segmentation to mitigate risks.',
 'motivation': ['Espionage', 'Malware Deployment'],
 'post_incident_analysis': {'corrective_actions': ['Timely patch deployment',
                                                   'Enhanced vulnerability '
                                                   'management',
                                                   'Network segmentation and '
                                                   'monitoring'],
                            'root_causes': ['Unpatched zero-day '
                                            'vulnerabilities',
                                            'Improper access controls',
                                            'Use-after-free and buffer '
                                            'overflow flaws']},
 'recommendations': ['Apply June 2025 Patch Tuesday updates immediately',
                     'Prioritize patching for critical and zero-day '
                     'vulnerabilities',
                     'Monitor systems for signs of exploitation',
                     'Disable unnecessary services like WebDAV if not in use',
                     'Implement network segmentation and enhanced monitoring'],
 'references': [{'date_accessed': '2025-06-11',
                 'source': 'Qualys Blog',
                 'url': 'https://blog.qualys.com/'},
                {'date_accessed': '2025-06-11',
                 'source': 'Microsoft Security Update Guide',
                 'url': 'https://msrc.microsoft.com/update-guide'},
                {'date_accessed': '2025-06-11',
                 'source': 'Adobe Security Bulletins',
                 'url': 'https://helpx.adobe.com/security.html'},
                {'date_accessed': '2025-06-11',
                 'source': 'CISA Known Exploited Vulnerabilities Catalog',
                 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog'}],
 'regulatory_compliance': {'regulatory_notifications': ['CISA added '
                                                        'CVE-2025-33053 to '
                                                        'Known Exploited '
                                                        'Vulnerabilities '
                                                        'Catalog']},
 'response': {'communication_strategy': ['Public disclosure via Patch Tuesday '
                                         'release notes',
                                         'Security advisories from Microsoft '
                                         'and Adobe'],
              'containment_measures': ['Patch deployment via Microsoft Update',
                                       'Adobe security advisories and patches'],
              'enhanced_monitoring': 'Recommended for critical systems',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': ['Applied patches for 69 Microsoft '
                                       'vulnerabilities',
                                       'Applied patches for 254 Adobe '
                                       'vulnerabilities']},
 'stakeholder_advisories': 'Microsoft and Adobe security advisories issued to '
                           'customers and partners.',
 'threat_actor': 'Stealth Falcon (aka FruityArmor)',
 'title': 'Microsoft June 2025 Patch Tuesday - Critical and Important '
          'Vulnerabilities',
 'type': ['Patch Release', 'Vulnerability Disclosure'],
 'vulnerability_exploited': ['CVE-2025-33053 (WebDAV External Control of File '
                             'Name or Path)',
                             'CVE-2025-33064 (Windows SMB Improper Access '
                             'Control)',
                             'CVE-2025-47953 (Microsoft Office Heap-Based '
                             'Buffer Overflow)',
                             'CVE-2025-47164 (Microsoft Office Use-After-Free)',
                             'CVE-2025-47167 (Windows KDC Proxy Service '
                             'Use-After-Free)',
                             'CVE-2025-47171 (Windows Netlogon Use of '
                             'Uninitialized Resources)',
                             'CVE-2025-32713 (Windows Common Log File System '
                             'Driver EoP)',
                             'CVE-2025-32714 (Windows Installer EoP)',
                             'CVE-2025-47962 (Windows SDK EoP)']}