Security update review for Microsoft and Adobe's Patch Tuesday releases in June 2025
Microsoft has released its monthly update of security patches, addressing a total of 69 vulnerabilities across various product families and versions. These include, but are not limited to, Windows Storage Management Provider, Windows Remote Desktop Services, Windows Win32K - GRFX, Windows Installer, Remote Desktop Client, Windows Media, Windows SMB, Windows Recovery Driver, Windows Storage Port Driver, WebDAV, Microsoft Local Security Authority Server (lsasrv), Windows Local Security Authority (LSA), Windows Routing and Remote Access Service (RRAS), Windows Kernel, Windows Standards-Based Storage Management Service, App Control for Business (WDAC), Microsoft Office, Microsoft Office SharePoint, Microsoft Office Excel, Microsoft Office Word, Microsoft Office Outlook, Microsoft Office PowerPoint, Windows Remote Access Connection Manager, Windows Security App, Visual Studio, Windows SDK, Power Automate, Microsoft AutoUpdate (MAU), Windows Hello, Nuance Digital Engagement Platform, Windows Secure Boot, and Microsoft Edge (Chromium-based).
Addressing Chromium-based Microsoft Edge Vulnerabilities
Two vulnerabilities in Microsoft Edge (Chromium-based) have been addressed, ensuring a more secure browsing experience for users.
Patching Other Critical Vulnerabilities
Other critical vulnerabilities addressed in this update include:
- CVE-2025-29828: A Windows Schannel Remote Code Execution Vulnerability
- CVE-2025-32710: An unauthenticated attacker can elevate privileges over a network due to the use of uninitialized resources in Windows Netlogon
- CVE-2025-32713: An elevation of privilege vulnerability in the Windows Common Log File System Driver
- CVE-2025-32714: An elevation of privilege vulnerability in Windows Installer
- CVE-2025-33053: A Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
- CVE-2025-33070: An unauthenticated attacker can elevate privileges over a network due to the use of uninitialized resources in Windows Netlogon
- CVE-2025-33071: A Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
- CVE-2025-47162: A Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-47164: Another Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-47167: A type confusion flaw in Microsoft Office allowing remote code execution
- CVE-2025-47953: A Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-47962: An elevation of privilege vulnerability in Windows SDK due to improper access control
- CVE-2025-47966: A Power Automate Elevation of Privilege Vulnerability
Patch Tuesday for Adobe Products
Adobe has also released seven security advisories to address 254 vulnerabilities in its products, including Adobe InCopy, Adobe Experience Manager, Adobe Commerce, Adobe InDesign, Adobe Substance 3D Sampler, Adobe Acrobat Reader, and Adobe Substance 3D Painter.
Qualys' Role in Patching and Mitigation
Qualys VMDR has been instrumental in this month's Patch Tuesday, automatically detecting new vulnerabilities and deploying the most relevant and applicable per-technology version patches. Qualys has created mitigations for a series of vulnerabilities, including CVE-2025-33064, CVE-2025-33066, CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, CVE-2025-47167, CVE-2025-47171, and CVE-2025-33053.
Qualys TruRisk Mitigate product customers receive these scripts as part of the Patch Tuesday signature set.
Looking Ahead to July 8
The next Patch Tuesday falls on July 8, where Microsoft is expected to continue addressing security vulnerabilities across its product lineup. Users are encouraged to keep their systems up-to-date to ensure continued protection against potential threats.
