Skip to content
BLOG

Patch Tuesday June 2025

Brock Bingham candid headshot
Brock Bingham|June 10, 2025
Illustration of broken computer with bandaid
Illustration of broken computer with bandaid
Sections

Welcome to PDQ’s Patch Tuesday recap for June 2025. Microsoft is celebrating fathers all around the world this week with a fresh batch of patches. For the fathers out there — you may have had your eye on a new smoker for Father’s Day, but patches are the gift that keeps on giving the whole year. Besides, have you seen the price of brisket these days?

Let’s get into the details.

  • Total exploits patched: 67

  • Critical patches: 10

  • Already known or exploited: 2

Some highlights (or lowlights)

  • CVE-2025-47966: This is the highest-rated CVE this month, coming in with a 9.8 CVSS score. This Power Automate vulnerability takes advantage of an exploit that exposes sensitive data, allowing for privilege elevation. Thankfully, like a masked hero doling out justice in the night, Microsoft has already fully patched this vulnerability, so all you automation experts out there can rest easy.

  • CVE-2025-33053: If you like your vulnerabilities to come in hot (i.e., be actively exploited in the wild), then you’re in luck! CVE-2025-33053 addresses legacy IE components that are still in use and actively exploited by getting users to click on malicious links. Considering that this is already being exploited and that Microsoft is even updating out-of-service operating systems, I would prioritize this bad boy.

  • CVE-2025-47953: Microsoft Office just can’t catch a break. What it can do, though, is break … a lot. CVE-2025-47953 is just one of four different CVEs addressing Microsoft Office remote code execution (RCE) vulnerabilities. With all the signs of a “major oops” in the making, these vulnerabilities have a local attack vector (only in the technical sense), low complexity, don’t require any privileges, and don’t require user interaction. Is quadfecta a word? If you’re a Microsoft Office shop, it’s time to get patching. If you’re a Google Workspace shop, now is the appropriate time to point and laugh.

Wrapping up

That wraps up this month's Patch Tuesday recap. While these patches don’t quite hit the sweet spot like a meticulously smoked tri-tip, just think how much better you’ll sleep at night knowing that your devices are up to date. Unless you didn’t thoroughly test the updates before you deployed them. In that case, I hope you have a large supply of TUMS handy.

Loading...

Brock Bingham candid headshot
Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.

Related articles

Security grey

What are Likely Exploited Vulnerabilities?

SECURITY

Illustration of computer desk and monitor with PDQ logo

5 best Lansweeper alternatives

GENERAL IT

Illustration of computer desk and monitor with PDQ logo

7 best Automox alternatives

PRODUCT