Microsoft Monthly Security Update – 11 June 2025

In Cyber Security by Matsco Engineering Team

 

Microsoft have released a security advisory on the 11th of June 2025 in line with their regular monthly patch schedule which includes a number of updates to address vulnerabilities in two (2) extremely high risk, three (3) medium risk and one (1) low risk products. 

These updates address vulnerabilities which may impact services through Remote Code Execution, Elevation of Privilege, Information Disclosure, Denial of Service, Security Restriction Bypass, and
Spoofing. 

For more information please see: Microsoft Security Update

This release consists of security updates for the following products, features and roles:

  • .NET and Visual Studio
  • App Control for Business (WDAC)
  • Microsoft AutoUpdate (MAU)
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office Outlook
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Nuance Digital Engagement Platform
  • Power Automate
  • Remote Desktop Client
  • Visual Studio
  • WebDAV
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DHCP Server
  • Windows DWM Core Library
  • Windows Hello
  • Windows Installer
  • Windows KDC Proxy Service (KPSSVC)
  • Windows Kernel
  • Windows Local Security Authority (LSA)
  • Windows Local Security Authority Subsystem Service (LSASS)
  • Windows Media
  • Windows Netlogon
  • Windows Recovery Driver
  • Windows Remote Access Connection Manager
  • Windows Remote Desktop Services
  • Windows Routing and Remote Access Service (RRAS)
  • Windows SDK
  • Windows Security App
  • Windows Shell
  • Windows SMB
  • Windows Standards-Based Storage Management Service
  • Windows Storage Management Provider
  • Windows Storage Port Driver
  • Windows Win32K - GRFX

 

CVE-2025-33053 is being exploited in the wild. This vulnerability exist in Microsoft Windows Web Distributed Authoring and Versioning. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.

Proof of Concept exploit code is publicly available for CVE-2025-33073, affecting the Windows Server Message Block client. Successful exploitation of this vulnerability could allow an authorized attacker to elevate privileges on the affected system. 

Please contact the Matsco Solutions team on the below if you would like any further information or would like to schedule a maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090

Share this Post