Overview
On June 11, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 67 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft Visual Studio, including high-risk vulnerability types such as privilege escalation and remote code execution.
Of the vulnerabilities fixed in Microsoft’s monthly update this month, 11 were critical and 58 were important in severity. These include 1 vulnerability that has been detected for wild exploitation:
WEBDAV Remote Code Execution Vulnerability (CVE-2025-33053)
Please update the patch as soon as possible for protection. For a complete list of vulnerabilities, please refer to the appendix.
Reference link:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
Key Vulnerabilities
Based on the product popularity and vulnerability importance, this update contains vulnerabilities with greater impact. Relevant users are requested to pay special attention:
Windows Schannel Remote Code Execution Vulnerability (CVE-2025-29828):
Windows Schannel has a remote code execution vulnerability. Due to a memory leak in the Windows Encryption Service, an unauthenticated attacker could execute arbitrary code by sending a large number of malicious sharded ClientHello messages to the target server connected to TLS. CVSS score 8.1.
Official announcement link:
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2025-29828
Microsoft Word Remote Code Execution Vulnerability (CVE-2025-32717):
Microsoft Word has a remote code execution vulnerability. Due to a heap-based buffer overflow vulnerability in Microsoft Office Word, an unauthenticated attacker can craft malicious RTF files that trick users into opening or previewing panes, thereby executing arbitrary code in the user’s context. CVSS score 8.4.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32717
Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability (CVE-2025-33053):
A remote code execution vulnerability exists in Web Distributed Authoring and Versioning (WEBDAV). Because WebDAV mishandles file paths in links, an unauthenticated attacker can externally control the file name or path in WebDAV to trick users into clicking on a specially crafted link and executing arbitrary code. CVSS score 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33053
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-33064):
A remote code execution vulnerability exists in the Windows Routing and Remote Access Service (RRAS). Due to a heap-based buffer overflow vulnerability in Windows Routing and Remote Access Services (RRAS), an unauthenticated remote attacker can execute code locally. CVSS score 8.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33064
Power Automate Privilege Escalation Vulnerability (CVE-2025-47966):
Power Automate has a privilege escalation vulnerability. Due to the leakage of sensitive information in Power Automate, attackers can obtain this sensitive information and achieve privilege escalation. CVSS score 9.8.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47966
Microsoft Word Remote Code Execution Vulnerability (CVE-2025-47957):
Microsoft Word has a remote code execution vulnerability. Due to a “use after release” problem in Microsoft Office Word, an unauthenticated attacker can execute code locally. CVSS score 8.4.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47957
Windows Netlogon Privilege Escalation Vulnerability (CVE-2025-33070):
Windows Netlogon has a privilege escalation vulnerability. Because uninitialized resources are used in Windows Netlogon, an attacker can gain domain administrator privileges by sending a specially crafted authentication request to the domain controller. CVSS score 8.1.
Official announcement link:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070
Scope of Impact
The following are the affected product versions of some key vulnerabilities. For the scope of products affected by other vulnerabilities, please refer to the official announcement link.
| Vulnerability Number | Affected product versions |
| CVE-2025-29828 | Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows Server 2022 (Server Core installation) Windows Server 2022 |
| CVE-2025-32717 | Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems |
| CVE-2025-33053 CVE-2025-33064 | Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
| CVE-2025-47966 | Power Automate for Desktop |
| CVE-2025-47957 | Microsoft Office LTSC 2024 for 64-bit editions Microsoft Office LTSC 2024 for 32-bit editions Microsoft Office LTSC 2021 for 32-bit editions Microsoft Office LTSC 2021 for 64-bit editions Microsoft 365 Apps for Enterprise for 64-bit Systems Microsoft 365 Apps for Enterprise for 32-bit Systems |
| CVE-2025-33070 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems |
Mitigation
At present, Microsoft has officially released security patches to fix the above vulnerabilities for supported product versions. It is strongly recommended that affected users install patches as soon as possible for protection. The official download link:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
Note: Patch updates for Windows Update may fail due to network problems, computer environment problems, etc. After installing the patch, users should check whether the patch has been successfully updated in time.
Right-click the Windows icon, select “Settings (N)”, select “Update and Security”-“Windows Update”, view the prompt information on this page, or click “View Update History” to view the historical update status.
For updates that have not been successfully installed, you can click the update name to jump to the Microsoft official download page. It is recommended that users click the link on this page and go to the “Microsoft Update Catalog” website to download the independent program package and install it.
Appendix
| Affected products | CVE No. | Vulnerability Title | Severity |
|---|---|---|---|
| Windows | CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47162 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47953 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-33071 | Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2025-47966 | Power Automate Privilege Escalation Vulnerability | Critical |
| Microsoft Office | CVE-2025-32717 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2025-33070 | Windows Netlogon Privilege Escalation Vulnerability | Critical |
| Microsoft Office | CVE-2025-47164 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47167 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47172 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2025-47957 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-32712 | Win32k privilege escalation vulnerability | Important |
| Windows | CVE-2025-32713 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-32714 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-32715 | Remote Desktop Protocol Client information disclosure vulnerability | Important |
| Windows | CVE-2025-32716 | Windows Media Permission Escalation Vulnerability | Important |
| Windows | CVE-2025-32718 | Windows SMB Client Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-32719 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-32720 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-32721 | Windows Recovery Driver Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-32722 | Windows Storage Port Driver Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-32724 | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | Important |
| Windows | CVE-2025-33058 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33059 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33060 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33061 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33062 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33063 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33064 | Windows Routing and Remote Access Service (RRAS) Vulnerability | Important |
| Windows | CVE-2025-33065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33066 | Windows Routing and Remote Access Service (RRAS) Vulnerability | Important |
| Windows | CVE-2025-33067 | Windows Task Scheduler Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-33075 | Windows Installer Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-47160 | Windows Shortcut Files security feature bypass vulnerability | Important |
| Windows | CVE-2025-47955 | Windows Remote Access Connection Manager Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-47956 | Windows Security App Spoofing Vulnerability | Important |
| Windows SDK | CVE-2025-47962 | Windows SDK Privilege Escalation Vulnerability | Important |
| Windows | CVE-2025-47969 | Windows Virtualization-Based Security (VBS) Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-24068 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-24069 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-24065 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-32725 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-33050 | DHCP Server Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-33052 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) remote code execution vulnerability | Important |
| Windows | CVE-2025-33055 | Windows Storage Management Provider Information Disclosure Vulnerability | Important |
| Windows | CVE-2025-33056 | Windows Local Security Authority (LSA) Denial of Service | Important |
| Windows | CVE-2025-33057 | Windows Local Security Authority (LSA) Denial of Service | Important |
| Windows | CVE-2025-33068 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | Important |
| Windows | CVE-2025-33069 | Windows App Control for Business security feature bypass vulnerability | Important |
| Windows | CVE-2025-33073 | Windows SMB Client Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2025-47163 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47165 | Microsoft Excel remote code execution vulnerability | Important |
| Microsoft Office | CVE-2025-47166 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47168 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47169 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47170 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47171 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47173 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47174 | Microsoft Excel remote code execution vulnerability | Important |
| Microsoft Office | CVE-2025-47175 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47176 | Microsoft Outlook Remote Code Execution Vulnerability | Important |
| Windows | CVE-2025-3052 | Cert CC: CVE-2025-3052 InsydeH2O Secure Boot Bypass | Important |
| Microsoft Visual Studio | CVE-2025-47959 | Visual Studio Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2025-47968 | Microsoft AutoUpdate (MAU) Privilege Escalation Vulnerability | Important |
| Azure | CVE-2025-47977 | Nuance Digital Engagement Platform Spoofing Vulnerability | Important |
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.
Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world’s top ten telecommunications companies.
Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.
