Summary

On June 11 (UTC+8), 2025, Microsoft released its June 2025 Security Updates, which included patches for a total of 69 CVEs, a decrease of 13 CVEs compared to the previous month.

In terms of vulnerability severity, 10 vulnerabilities were marked as "Critical" and 58 as "Important/High". In terms of vulnerability types, the main categories were 27 remote code execution vulnerabilities, 14 privilege escalation vulnerabilities, and 17 information disclosure vulnerabilities.

Statistics

Vulnerability Trend


Figure 1 Vulnerabilities Patched by Microsoft in the Last 12 Months

On the whole, Microsoft released 69 patches in June 2025, including 10 critical vulnerability patches.

Based on Microsoft's historical vulnerability disclosures and this year's pattern so far, Sangfor FarSight Labs estimates that Microsoft will announce more vulnerabilities in July than in June. We expect a figure of approximately 80 vulnerabilities.

Comparison of Vulnerability Trends

The following figure shows the number of patches released by Microsoft in the month of June from 2022 to 2025.


Figure 2 Number of Windows Patches Released by Microsoft in June from 2022 to 2025

The following figure shows the trend and number of vulnerabilities at different severity levels addressed by Microsoft in June from 2022 to 2025.


Figure 3 Number of Vulnerabilities by Severity Level Addressed by Microsoft in June from 2022 to 2025

The following figure shows the number of vulnerabilities by type addressed by Microsoft in June from 2022 to 2025.


Figure 4 Number of Vulnerabilities by Type Addressed by Microsoft in June from 2022 to 2025

Data source: Microsoft security updates

Compared with June last year, the number of vulnerabilities addressed by Microsoft has increased: a total of 69 vulnerability patches, including 10 critical ones, were released this month.

Compared with last year, the numbers of both Critical and Important/High vulnerabilities addressed by Microsoft have increased. Specifically, 10 vulnerabilities at the Critical level were addressed, an increase of about 900%, and 58 vulnerabilities at the Important/High level, an increase of about 2%.

By vulnerability type, the numbers of remote code execution (RCE) and denial-of-service (DoS) vulnerabilities have both increased, whereas the number of elevation of privilege (EoP) vulnerabilities has decreased. RCE vulnerabilities warrant particular vigilance: combined with social engineering techniques, attackers can exploit them to take over the entire LAN and launch further attacks.

Details of Key Vulnerabilities

Analysis

Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability (CVE-2025-33053)

WebDAV is an HTTP extension that allows users to create, edit, move, copy, and delete files on remote web servers directly from a client. WebDAV can be used over port 80 or 443, and is commonly built into operating systems and web servers.

A remote code execution vulnerability exists in WebDAV that attackers can exploit to execute arbitrary code on the target system. This vulnerability has reportedly been exploited in the wild and, after assessment, is rated critical in threat level. We recommend that users promptly install the Microsoft security patches.

Windows Netlogon Elevation of Privilege Vulnerability (CVE-2025-33070)

The Netlogon service in Windows establishes and maintains secure channels between domain members and domain controllers, enabling pass-through authentication for New Technology LAN Manager (NTLM) or Kerberos. Netlogon is also responsible for locating domain controllers and authenticating machine accounts.

An elevation of privilege vulnerability exists in Netlogon that attackers can exploit to gain higher privileges on the target system. After assessment, this vulnerability is rated critical in threat level. We recommend that users promptly install the Microsoft security patches.

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability (CVE-2025-33071)

Windows KPSSVC is an HTTPS relay service that runs on edge or remote access servers such as Remote Desktop Gateway (RD Gateway) and DirectAccess. It listens on the /KdcProxy endpoint, typically over port 443, and relays Kerberos requests (including credential acquisition and password change requests) through a TLS proxy to an internal domain controller, so that the client never needs a direct connection to the KDC. It also supports authentication and password changes for remote devices.

A remote code execution vulnerability exists in KPSSVC that attackers can exploit to execute arbitrary code on the target system. After assessment, this vulnerability is rated critical in threat level. We recommend that users promptly install the Microsoft security patches.
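A host-side exposure triage for the three components analysed above, written as an added PowerShell example (not Sangfor's or Microsoft's code). WebClient (the Windows WebDAV redirector), Netlogon and KPSSVC are the real Windows service names; the KB identifier is a placeholder to be filled in from the MSRC update guide entry for the host's OS build.

```powershell
# Added example: which of the three components from this roundup are present and
# running on this host, whether a KDC Proxy URL reservation is bound, and whether
# the June 2025 update is installed. Run in an elevated PowerShell session.
# $PatchKB is a placeholder; take the KB for this OS build from the MSRC update guide.
$PatchKB = 'KB<placeholder-from-MSRC-update-guide>'

# Real Windows service names behind each component named in the analysis.
$components = @(
    @{ Cve = 'CVE-2025-33053'; Service = 'WebClient'; Role = 'WebDAV client (redirector)' },
    @{ Cve = 'CVE-2025-33070'; Service = 'Netlogon';  Role = 'Netlogon secure channel' },
    @{ Cve = 'CVE-2025-33071'; Service = 'KPSSVC';    Role = 'KDC Proxy (/KdcProxy, port 443)' }
)

$report = foreach ($c in $components) {
    # -ErrorAction SilentlyContinue: the service may simply not exist on this SKU.
    $svc = Get-Service -Name $c.Service -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CVE       = $c.Cve
        Component = $c.Role
        Service   = $c.Service
        Installed = [bool]$svc
        Status    = if ($svc) { $svc.Status }    else { 'not present' }
        StartType = if ($svc) { $svc.StartType } else { '-' }
    }
}
$report | Format-Table -AutoSize

# KPSSVC only serves traffic when an HTTP.sys URL reservation for /KdcProxy exists;
# its presence on a server that is not an RD Gateway or DirectAccess box is worth a look.
$kdcProxyAcl = netsh http show urlacl | Select-String -SimpleMatch 'KdcProxy'
if ($kdcProxyAcl) { "KdcProxy URL reservation found:`n$kdcProxyAcl" }
else              { 'No KdcProxy URL reservation on this host' }

# Patch state: compare installed hotfixes against the KB from the MSRC update guide.
$installed = Get-HotFix | Where-Object HotFixID -eq $PatchKB
if ($installed) { "$PatchKB installed on $($installed.InstalledOn)" }
else            { "$PatchKB not found; install it via the MSRC links under Official Solution" }
```

A host that is not an RD Gateway or DirectAccess server and still shows KPSSVC running with a /KdcProxy reservation should be reviewed, since the role is not needed there.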

Affected Versions

Vulnerability Name & CVE ID / Affected Versions
Web Distributed Authoring and Versioning (WebDAV) Remote Code Execution Vulnerability (CVE-2025-33053)

Windows Server 2025 (Server Core installation)

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Netlogon Elevation of Privilege Vulnerability (CVE-2025-33070)

Windows Server 2025 (Server Core installation)

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability (CVE-2025-33071)

Windows Server 2025 (Server Core installation)

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Solutions

Official Solution

Microsoft has released security patches for the affected software. Affected users should install the security patch that corresponds to their system version.

Download Links:

  1. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
  2. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070
  3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33071

References

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun

Timeline

On June 11, 2025, Microsoft released a security bulletin.

On June 11, 2025, Sangfor FarSight Labs released a vulnerability alert.

Learn More

Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.
