
June 2025 Security Updates: Microsoft Patch Tuesday and Other Critical Fixes
In this Wednesday, June 11, 2025 edition of the SANS Internet Storm Center's Stormcast, Johannes Ullrich presents the latest security updates, including Microsoft's Patch Tuesday. This month, Microsoft released a relatively light Patch Tuesday with 67 vulnerabilities addressed, of which 10 are classified as critical. Among these, one vulnerability is already being exploited, and another was disclosed before the patch was published.
The already exploited vulnerability involves WebDAV, an extension of the HTTP protocol that allows a web server to be used as a remote file system. This vulnerability resides in the legacy components of Internet Explorer, even though this browser is no longer in use. To exploit this flaw, an attacker must entice a user to connect to a malicious WebDAV resource. Fixing this vulnerability requires applying the cumulative update for Internet Explorer.
Another notable vulnerability, although not yet exploited, involves a privilege escalation in the Windows SMB client. Microsoft considers exploitation less likely, but the flaw could allow an attacker to gain system privileges if the victim connects to a malicious SMB server.
Among the critical vulnerabilities, a flaw in the Remote Desktop service allows unauthenticated remote code execution. Although difficult to exploit, this is the third such vulnerability in three months, making it a prime target for attackers. Another critical vulnerability affects Microsoft's cryptographic services, where a "use-after-free" flaw could allow arbitrary code execution. Although exploitation is complex, the library's widespread use in TLS makes it a major potential threat.
Microsoft Office is not exempt, with several critical vulnerabilities, notably those allowing code execution simply by previewing a document. This is unusual, as Microsoft typically does not classify Office vulnerabilities as critical if they require opening a document.
Outside of Microsoft, Adobe has also released patches for seven of its products, including Adobe Commerce and Adobe Acrobat Reader. The vulnerabilities in Adobe Commerce require authentication to be exploited, reducing their risk. However, the flaws in Adobe Acrobat Reader, particularly memory management vulnerabilities, are likely to be exploited given their history. Other updates come from SAP, Ivanti, and Fortinet, although these are not considered critical at the moment. Nevertheless, it is important to remain vigilant, as additional updates may always appear during Patch Tuesday. In conclusion, although no vulnerability is classified as "patch now," it is crucial to follow standard update procedures to protect against these potential threats.