Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage for June 2025

by Security News

Overview

Microsoft’s June 2025 Patch Tuesday includes 66 vulnerabilities, 25 of which are classified as Remote Code Execution (RCE). The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month and produced protection coverage for eight of the reported vulnerabilities.

Vulnerabilities with Detections

CVECVE TitleSignature
CVE-2025-32713Windows Common Log File System Driver Elevation of Privilege VulnerabilityASPY 7087Exploit-exe exe.MP_451
CVE-2025-32714Windows Installer Elevation of Privilege VulnerabilityASPY 7088 Exploit-exe exe.MP_452
CVE-2025-33053Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution VulnerabilityIPS 21124 Windows WebDAV Remote Code Execution (CVE-2025-33053)
CVE-2025-33070Windows Netlogon Elevation of Privilege VulnerabilityIPS 21129 Windows Netlogon Elevation of Privilege Vulnerability (CVE-2025-33070)
CVE-2025-33071Windows KDC Proxy Service (KPSSVC) Remote Code Execution VulnerabilityIPS 4513 Windows KDC Proxy Service Remote Code Execution (CVE-2025-33071)
CVE-2025-47162Microsoft Office Remote Code Execution VulnerabilityASPY 643 Malformed-xls xls.MP_21
CVE-2025-47164Microsoft Office Remote Code Execution VulnerabilityASPY 642 Malformed-ppt ppt.MP_6
CVE-2025-47167Microsoft Office Remote Code Execution VulnerabilityAPY 641 Malformed-xls xls.MP_20

Release Breakdown

The vulnerabilities can be classified into the following categories: 

chart_impact_1.png

chart_severity_2.png

The June release includes 10 critical vulnerabilities and 56 that are rated important.

chart_Vul_count_3.png

chart_expl_dis_4.png

Microsoft also tracks vulnerabilities that are either actively exploited or publicly disclosed before the Patch Tuesday release. The chart above highlights these categories as observed this month.

chart_expl_assesment_5.png

Release Detailed Breakdown

Denial of Service Vulnerabilities

CVECVE Title
CVE-2025-32724Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-32725DHCP Server Service Denial of Service Vulnerability
CVE-2025-33050DHCP Server Service Denial of Service Vulnerability
CVE-2025-33056Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2025-33057Windows Local Security Authority (LSA) Denial of Service Vulnerability
CVE-2025-33068Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Elevation of Privilege Vulnerabilities

CVECVE Title
CVE-2025-32712Win32k Elevation of Privilege Vulnerability
CVE-2025-32713Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-32714Windows Installer Elevation of Privilege Vulnerability
CVE-2025-32716Windows Media Elevation of Privilege Vulnerability
CVE-2025-32718Windows SMB Client Elevation of Privilege Vulnerability
CVE-2025-32721Windows Recovery Driver Elevation of Privilege Vulnerability
CVE-2025-33067Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2025-33070Windows Netlogon Elevation of Privilege Vulnerability
CVE-2025-33073Windows SMB Client Elevation of Privilege Vulnerability
CVE-2025-33075Windows Installer Elevation of Privilege Vulnerability
CVE-2025-47955Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-47962Windows SDK Elevation of Privilege Vulnerability
CVE-2025-47966Power Automate Elevation of Privilege Vulnerability
CVE-2025-47968Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities

CVECVE Title
CVE-2025-24065Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-24068Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-24069Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-32715Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32719Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-32720Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-32722Windows Storage Port Driver Information Disclosure Vulnerability
CVE-2025-33052Windows DWM Core Library Information Disclosure Vulnerability
CVE-2025-33055Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33058Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33059Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33060Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33061Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33062Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33063Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-33065Windows Storage Management Provider Information Disclosure Vulnerability
CVE-2025-47969Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability

Remote Code Execution Vulnerabilities

CVECVE Title
CVE-2025-29828Windows Schannel Remote Code Execution Vulnerability
CVE-2025-30399.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-32710Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2025-33053Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
CVE-2025-33064Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-33066Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-33071Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
CVE-2025-47162Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47163Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47164Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47165Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47166Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47167Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47168Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47169Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47170Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47171Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47172Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-47173Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47174Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-47175Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-47176Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-47953Microsoft Office Remote Code Execution Vulnerability
CVE-2025-47957Microsoft Word Remote Code Execution Vulnerability
CVE-2025-47959Visual Studio Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVECVE Title
CVE-2025-33069Windows App Control for Business Security Feature Bypass Vulnerability
CVE-2025-47160Windows Shortcut Files Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVECVE Title
CVE-2025-47956Windows Security App Spoofing Vulnerability
CVE-2025-47977Nuance Digital Engagement Platform Spoofing Vulnerability

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.