Microsoft June Patch Tuesday: Zero-Day WebDAV Fix Highlights Smaller Batch

Microsoft's June Patch Tuesday is here with fixes for 66 vulnerabilities across its software portfolio, including one actively exploited zero-day, one publicly disclosed zero-day and a set of Office flaws, not yet fully patched across every affected product, that security researchers say could be far more dangerous than the headline count suggests.

The standout issue is CVE-2025-33053, a remote code execution (RCE) vulnerability in the Web Distributed Authoring and Versioning (WebDAV) protocol that Microsoft confirmed is being exploited in the wild. According to the company, triggering the flaw requires a targeted victim to click a malicious URL or visit a compromised website. Microsoft noted that on older Windows versions more than one update may be required to fully remediate the flaw.

Security experts warned of its real-world impact. "What makes this flaw particularly concerning is the widespread use of WebDAV in enterprise environments for remote file sharing and collaboration," said Mike Walters, president and co-founder of Action1. "An estimated 70–80 percent of enterprises could be vulnerable -- especially those lacking strict URL filtering or user training on phishing threats."

Check Point Research has attributed exploitation of the flaw to the Stealth Falcon threat group, which reportedly used social engineering to lure victims into opening .url files that trigger the vulnerability.

The second zero-day fixed this month is CVE-2025-33073, an SMB client elevation-of-privilege vulnerability that could give an attacker SYSTEM-level privileges if exploited. While the flaw has been publicly disclosed, no in-the-wild exploitation has been observed so far.
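Because the WebDAV flaw is triggered by a URL the victim is lured into opening, a common compensating control while patches roll out is to confirm whether a host even needs WebDAV and, if not, turn the redirector off. The script below is an added example, not code from the article, Microsoft, Action1 or Check Point; it audits the WebClient service (the WebDAV mini-redirector that lets Windows resolve WebDAV URLs and UNC paths to remote WebDAV servers), optionally disables it, and lists recently installed updates so an administrator can confirm the monthly rollup landed. The parameter names and the 30-day default window are this example's assumptions. Run it from an elevated PowerShell session.

```powershell
<#
Added example, not from the article or any vendor cited in it.
Audits the WebClient service (WebDAV mini-redirector) and optionally disables it,
then lists updates installed since a given date as a quick patch sanity check.
Parameter names and the 30-day default are assumptions made for this example.
#>
[CmdletBinding()]
param(
    [switch]$DisableWebClient,
    [datetime]$InstalledSince = (Get-Date).AddDays(-30)
)

function Get-WebClientState {
    # Returns the service's run state and start type, or a marker if it is not installed.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Present = $false; Status = 'NotInstalled'; StartType = 'N/A' }
    }
    [pscustomobject]@{
        Present   = $true
        Status    = $svc.Status.ToString()
        StartType = $svc.StartType.ToString()
    }
}

$state = Get-WebClientState
Write-Host ("WebClient (WebDAV redirector): Status={0} StartType={1}" -f $state.Status, $state.StartType)

if ($state.Present -and $state.StartType -ne 'Disabled') {
    Write-Warning "WebDAV redirector is available on this host; Windows will resolve WebDAV URLs and UNC paths."
    if ($DisableWebClient) {
        # Stop the running instance and prevent it from starting again (on demand or at boot).
        Stop-Service -Name WebClient -Force -ErrorAction SilentlyContinue
        Set-Service  -Name WebClient -StartupType Disabled
        Write-Host "WebClient stopped and set to Disabled. Revert with: Set-Service WebClient -StartupType Manual"
    }
}

# Patch sanity check: updates installed since $InstalledSince, newest first.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $InstalledSince } |
    Sort-Object InstalledOn -Descending |
    Format-Table HotFixID, Description, InstalledOn -AutoSize
```

Run without switches to audit only; add `-DisableWebClient` to enforce. Note that disabling WebClient breaks legitimate WebDAV use such as mapped WebDAV drives and SharePoint "Open in File Explorer", so test on a pilot group first, and treat it as a stopgap rather than a substitute for applying the update.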

June 'Critical' Bulletins
IT should take care to quickly apply fixes for CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953, four Office vulnerabilities that can execute code via Outlook's preview pane without any user click. Microsoft rates three of the four "Exploitation More Likely."

Action1's Walters emphasized that CVE-2025-47162, a heap-based buffer overflow, is likely the most immediately exploitable, though all four warrant urgent attention. He urged organizations to disable the Outlook preview pane and filter email attachments until Microsoft delivers full fixes.

This month's remaining critical vulnerabilities patched include:

  • CVE-2025-47172: Remote code execution flaw in Microsoft SharePoint (CVSS 8.8).
  • CVE-2025-47966: Elevation of privilege flaw in Power Automate (CVSS 9.8).
  • CVE-2025-33071: Remote code execution flaw in Windows KDC Proxy Service (KPSSVC) (CVSS 8.1).
  • CVE-2025-33070: Elevation of privilege flaw in Windows Netlogon (CVSS 8.1).
  • CVE-2025-32710: Remote code execution flaw in Windows Remote Desktop Services (CVSS 8.1).
  • CVE-2025-29828: Remote code execution flaw in Windows Schannel (CVSS 8.1).


About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
