Microsoft's June Patch Tuesday has brought 66 security fixes to address 67 vulnerabilities, including two zero-day flaws and nine critical vulnerabilities. The patches cover a range of Microsoft products, including Windows, Office, SharePoint, Power Automate, WebDAV, and more.
What Happened
The June Patch Tuesday release includes 10 Critical and 56 Important fixes, with a combined CVSS score of 476.4 and an average severity of 7.2. Microsoft warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
Among the notable vulnerabilities addressed in this month's patch batch is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV. This zero-day vulnerability allows an attacker to execute arbitrary code on a system by crafting malicious WebDAV URLs that, when clicked by a user, lead to code execution.
Microsoft acknowledges that this vulnerability has been used in real-world attacks, although details are scarce. The entry vector is deceptively simple – just one click – and the fact that it's already under active attack makes it a high-priority fix for Windows users.
Background and Context
The WebDAV standard has been around since the 1990s, originally designed to support interactivity on the web. Microsoft has published vulnerabilities in the Windows implementation of WebDAV before, but this is the first zero-day vulnerability on record. The fact that it's still supported in newer versions of Windows, including Server 2025 and Windows 11 24H2, makes it a significant concern for Windows users.
Another notable vulnerability addressed in this month's patch batch is CVE-2025-33073, an elevation of privilege (EoP) zero-day flaw that leads to SYSTEM-level control over a vulnerable PC. Publicly disclosed proof-of-concept code for this bug is now available, making it a high-risk fix for Windows users.
The SMB client vulnerability, CVE-2025-33073, has a CVSS risk score of 8.8 and allows an attacker to gain SYSTEM-level control over a vulnerable PC without requiring further user interaction. This makes it a significant concern for Windows users, particularly those who rely on file and printer sharing or inter-process communication.
Why It Matters to the Industry
The vulnerabilities addressed in this month's patch batch have significant implications for adult-industry platforms and operators. The remote code execution flaw in WebDAV, CVE-2025-33053, allows an attacker to execute arbitrary code on a system by crafting malicious WebDAV URLs that, when clicked by a user, lead to code execution.
This vulnerability is particularly concerning for adult-industry platforms, which often rely on complex software and infrastructure to deliver content. The fact that it's already under active attack makes it a high-priority fix for Windows users in this industry.
The elevation of privilege flaw, CVE-2025-33073, also has significant implications for adult-industry platforms and operators. This vulnerability allows an attacker to gain SYSTEM-level control over a vulnerable PC without requiring further user interaction, making it a high-risk fix for Windows users in this industry.
What Comes Next
The June Patch Tuesday release is just the latest in a series of security updates from Microsoft. Adult-industry platforms and operators should prioritize patching their systems as soon as possible to minimize the risk of exploitation.
In addition to patching, adult-industry platforms and operators should also take steps to mitigate the risks associated with these vulnerabilities. This may include implementing additional security measures, such as firewalls or intrusion detection systems, to prevent attackers from exploiting these flaws.
Key Facts
- Microsoft's June Patch Tuesday release addresses 67 vulnerabilities, including two zero-day flaws and nine critical vulnerabilities.
- The patches cover a range of Microsoft products, including Windows, Office, SharePoint, Power Automate, WebDAV, and more.
- CVE-2025-33053 is a remote code execution flaw in the Windows implementation of WebDAV that allows an attacker to execute arbitrary code on a system by crafting malicious WebDAV URLs.
- CVE-2025-33073 is an elevation of privilege (EoP) zero-day flaw that leads to SYSTEM-level control over a vulnerable PC without requiring further user interaction.
- The SMB client vulnerability, CVE-2025-33073, has a CVSS risk score of 8.8 and allows an attacker to gain SYSTEM-level control over a vulnerable PC.
- Microsoft acknowledges that CVE-2025-33053 has been used in real-world attacks, although details are scarce.