EchoLeak: Critical Zero-Click Vulnerability in Microsoft 365 Copilot
A critical security vulnerability discovered in Microsoft 365 Copilot highlights that there is a risk associated with AI-powered business tools that we must continue to…
Microsoft’s June 2025 Patch Tuesday: One Zero-Day and Ten Critical Vulnerabilities Among 66 CVEs
Microsoft has released its June 2025, Patch Tuesday security updates addressing 66 vulnerabilities across its software ecosystem. This month’s release includes one actively exploited zero-day vulnerability, one publicly disclosed zero-day, and ten critical-severity flaws that organisations should prioritise for immediate patching.
The vulnerability distribution breaks down as follows:
- 25 Remote Code Execution vulnerabilities – the largest category, allowing attackers to execute code on target systems.
- 17 Information Disclosure vulnerabilities – potentially exposing sensitive data.
- 13 Elevation of Privilege vulnerabilities – enabling attackers to gain higher system access.
- 6 Denial of Service vulnerabilities – capable of disrupting system availability.
- 3 Security Feature Bypass vulnerabilities – circumventing built-in protections.
- 2 Spoofing vulnerabilities – allowing impersonation of legitimate entities
Ten of these vulnerabilities carry a “Critical” severity rating, with eight being remote code execution flaws and two elevation of privilege issues.
The Zero-Day Vulnerabilities
Actively Exploited: WebDAV Remote Code Execution (CVE-2025-33053)
The most concerning vulnerability in this release is CVE-2025-33053, a remote code execution flaw in Microsoft Windows Web Distributed Authoring and Versioning (WebDAV). Discovered by checkpoint.com, this vulnerability has been actively exploited in attacks.
The flaw allows remote attackers to execute arbitrary code on affected systems when users click on specially crafted WebDAV URLs. WebDAV is commonly used in enterprise environments for collaborative document editing and file sharing, making this vulnerability particularly relevant for business networks.
The exploitation mechanism requires user interaction, specifically clicking on a malicious WebDAV link. This social engineering component means organisations should focus on both technical patching and user awareness to mitigate risks.
Publicly Disclosed: SMB Client Privilege Escalation (CVE-2025-33073)
CVE-2025-33073 affects Windows SMB (Server Message Block) client functionality and allows attackers to gain SYSTEM privileges on vulnerable devices. The vulnerability stems from improper access control implementation in the SMB protocol handling.
Exploitation requires an attacker to execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. This could result in complete system compromise, as SYSTEM privileges provide the highest level of access on Windows systems.
Critical Vulnerabilities Requiring Immediate Attention
The ten critical-severity vulnerabilities span multiple Microsoft products and services and have potential for remote exploitation without user interaction, or their ability to compromise system integrity completely.
The eight critical remote code execution vulnerabilities are particularly concerning as they could allow attackers to execute malicious code on target systems across network boundaries.
The two critical elevation of privilege vulnerabilities could enable attackers who have already gained initial access to escalate their permissions and achieve complete system control.
Recommendations for Organisations
Immediate Actions:
- Priority Patching: Apply updates for CVE-2025-33053 and CVE-2025-33073 immediately, particularly in environments using WebDAV or SMB functionality.
- Critical Vulnerability Assessment: Review the ten critical-severity vulnerabilities against your infrastructure to identify affected systems
Ongoing Actions:
- User Education: Prioritise training programmes focusing on safe link handling and recognising social engineering attempts for staff in the organisation.
- Network Segmentation: Limit SMB traffic between network segments to reduce the attack surface for privilege escalation attempts.
- Monitoring and Detection: Deploy monitoring tools to detect unusual WebDAV or SMB activity that could indicate exploitation attempts.
The presence of an actively exploited zero-day vulnerability, combined with ten critical-severity flaws, underscores the importance of maintaining robust patch management processes within organisations. The combination of technical vulnerabilities and social engineering vectors highlights the need for comprehensive security approaches that address both technological and human factors in cyber security defence.
Regular patch application remains one of the most effective methods for maintaining security posture.
Further Resources
Related articles
Critical Vulnerability Discovered in HPE StoreOnce: What You Need to Know
Background Hewlett Packard Enterprise (HPE) has issued a security bulletin warning about critical vulnerabilities in its StoreOnce data backup and deduplication solution. StoreOnce is widely…
Scattered Spider Returns: A Renewed Threat to Retail Cybersecurity
As of May 2025, the cyber threat landscape has shifted away from the UK, with the focus moving to US companies following a period of…