Microsoft's June 2025 update addressed 67 security vulnerabilities, including two critical zero-day flaws. Users are bly advised to install the new version (137.0.3296.62) immediately.
In response to the ever-increasing threat of global cyberattacks, Microsoft released a significant security update for June 2025. As part of their monthly 'Patch Tuesday' updates, the company addressed a total of 67 security vulnerabilities, categorized as 11 critical and 56 important. Significantly, this update patched two highly dangerous zero-day vulnerabilities actively exploited by cyber attackers.
Most Significant Threat: CVE-2025-33053 (WebDAV Zero-Day)
The most serious vulnerability in this update is CVE-2025-33053, affecting the WebDAV (Web Distributed Authoring and Versioning) HTTP extension. This vulnerability has a CVSS score of 8.8, classifying it as a high-risk vulnerability.
Microsoft confirmed that this zero-day flaw was actively exploited. Hackers lured users into clicking malicious URLs to execute remote code on their systems, enabling them to modify the target machine's working directory.
Who is Behind the Attack?
This vulnerability was discovered by Check Point researchers David Driker and Alexandra Goofman. The report indicates that threat actors such as FruityArmor and Stealth Falcon exploited this weakness. FruityArmor has a history of involvement in espionage and targeted attacks.
Second Major Threat: Windows SMB Client Flaw
The patch also addressed a zero-day vulnerability in the Windows SMB (Samba) client. This flaw allowed a malicious user on a local network to gain system-level access.
Microsoft stated that this issue stemmed from improper access control, making devices connected to the SMB client easily susceptible.
Privilege Escalation to Remote Code Execution – All Fixed
According to Microsoft, this June update addressed:
- 14 vulnerabilities that could lead to privilege escalation, allowing a standard user to elevate their privileges to administrator.
- 26 vulnerabilities related to remote code execution, enabling attackers to remotely control a user's system.
- 17 security issues that could lead to sensitive data leaks.
Microsoft Edge Fixes Included
Microsoft also rolled out security fixes for its Chromium-based Edge browser earlier this month. These included a zero-day flaw, CVE-2025-5419, previously publicly patched by Google. This bug could target users' browsers and execute code via malicious websites.
User Warning: Update to This Version Immediately
Microsoft urges users to immediately install the latest stable version, 137.0.3296.62. This version provides protection against all security vulnerabilities addressed in this patch.
Failing to apply this update leaves your system vulnerable to hackers. Users of Windows Server, Windows 10/11, and Microsoft Edge browser should download and install this update immediately.
How to Update?
- Go to Windows Settings
- Select Update & Security
- Click Check for updates
- Install the available update and restart your system.
