For June’s Patch Tuesday, 68 fixes — and two zero-day flaws

Microsoft offered up a fairly light Patch Tuesday release this month, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. That said, two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Office. (Developers can follow their usual release cadence with updates to Microsoft .NET and Visual Studio.)

To help navigate these changes, the team from Readiness has provided auseful  infographic detailing the risks involved when deploying the latest updates. (More information about recent Patch Tuesday releases is available here.)

Known issues

Microsoft released a limited number of known issues for June, with a product-focused issue and a very minor display concern:

• Microsoft Excel: This a rare product level entry in the “known issues” category — an advisory that “square brackets” or [] are not supported in Excel filenames. An error is generated, advising the user to remove the offending characters.
• Windows 10: There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. This is a limited resource issue, as the font resolution in Windows 10 does not fully match the high-level resolution of the Noto font. Microsoft recommends changing the display scaling to 125% or 150% to improve clarity.

Major revisions and mitigations

Microsoft might have won an award for the shortest time between releasing an update and a revision with:

• CVE-2025-33073: Windows SMB Client Elevation of Privilege. Microsoft worked to address a vulnerability where improper access control in Windows SMB allows an attacker to elevate privileges over a network. This patch was revised on the same day as its initial release (and has been revised again for documentation purposes).

Windows lifecycle and enforcement updates

Microsoft did not release any enforcement updates for June.

Each month, the Readiness team analyzes Microsoft’s latest updates and provides technically sound, actionable testing plans. While June’s release includes no stated functional changes, many foundational components across authentication, storage, networking, and user experience have been updated.

For this testing guide, we grouped Microsoft’s updates by Windows feature and then accompanied the section with prescriptive test actions and rationale to help prioritize enterprise efforts.

Core OS and UI compatibility

Microsoft updated several core kernel drivers affecting Windows as a whole. This is a low-level system change and carries a high risk of compatibility and system issues. In addition, core Microsoft print libraries have been included in the update, requiring additional print testing in addition to the following recommendations:

• Run print operations from 32-bit applications on 64-bit Windows environments.
• Use different print drivers and configurations (e.g., local, networked).
• Observe printing from older productivity apps and virtual environments.

Remote desktop and network connectivity

This update could impact the reliability of remote access while broken DHCP-to-DNS integration can block device onboarding, and NAT misbehavior disrupts VPNs or site-to-site routing configurations. We recommend the following tests be performed:

• Create and reconnect Remote Desktop (RDP) sessions under varying network conditions.
• Confirm that DHCP-assigned IP addresses are correctly registered with DNS in AD-integrated environments.
• Test modifying NAT and routing settings in RRAS configurations and ensure that changes persist across reboots.

Filesystem, SMB and storage

Updates to the core Windows storage libraries affect nearly every command related to Microsoft Storage Spaces. A minor misalignment here can result in degraded clusters, orphaned volumes, or data loss in a failover scenario. These are high-priority components in modern data center and hybrid cloud infrastructure, with the following storage-related testing recommendations:

• Access file shares using server names, FQDNs, and IP addresses.
• Enable and validate encrypted and compressed file-share operations between clients and servers.
• Run tests that create, open, and read from system log files using various file and storage configurations.
• Validate core cluster storage management tasks, including creating and managing storage pools, tiers, and volumes.
• Test disk addition/removal, failover behaviors, and resiliency settings.
• Run system-level storage diagnostics across active and passive nodes in the cluster.

Windows installer and recovery

Microsoft delivered another update to the Windows Installer (MSI) application infrastructure. Broken or regressed Installer package MSI handling disrupts app deployment pipelines while putting core business applications at risk. We suggest the following tests for the latest changes to MSI Installer, Windows Recovery and Microsoft’s Virtualization Based Security (VBS):

• Perform installation, repair, and uninstallation of MSI Installer packages using standard enterprise deployment tools (e.g. Intune).
• Validate restore point behavior for points older than 60 days under varying virtualization-based security (VBS) settings.
• Check both client and server behaviors for allowed or blocked restores.

We highly recommend prioritizing printer testing this month, then remote desktop deployment testing to ensure your core business applications install and uninstall as expected.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

• Browsers (Microsoft IE and Edge);
• Microsoft Windows (both desktop and server);
• Microsoft Office;
• Microsoft Exchange and SQL Server; 
• Microsoft Developer Tools (Visual Studio and .NET);
• And Adobe (if you get this far).

Browsers

Microsoft delivered a very minor series of updates to Microsoft Edge. The  browser receives two Chrome patches (CVE-2025-5068 and CVE-2025-5419) where both updates are rated important. These low-profile changes can be added to your standard release calendar.

Microsoft Windows

Microsoft released five critical patches and (a smaller than usual) 40 patches rated important. This month the five critical Windows patches cover the following desktop and server vulnerabilities:

• Missing release of memory after effective lifetime in Windows Cryptographic Services (WCS) allows an unauthorized attacker to execute code over a network.
• Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
• Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
• Use of uninitialized resources in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

Unfortunately, CVE-2025-33073 has been reported as publicly disclosed while CVE-2025-33053 has been reported as exploited. Given these two zero-days, the Readiness recommends a “Patch Now” release schedule for your Windows updates.

Microsoft Office

Microsoft released five critical updates and a further 13 rated important for Office. The critical patches deal with memory related and “use after free” memory allocation issues affecting the entire platform. Due to the number and severity of these issues, we recommend a “Patch Now” schedule for Office for this Patch Tuesday release.

Microsoft Exchange and SQL Server

There are no updates for either Microsoft Exchange or SQL Server this month. 

Developer tools

There were only three low-level updates (product focused and rated important) released, affecting .NET and Visual Studio. Add these updates to your standard developer release schedule.

Adobe (and 3rd party updates)

Adobe has released (but Microsoft has not co-published) a single update to Adobe Acrobat (APSB25-57). There were two other non-Microsoft updated releases affecting the Chromium platform, which were covered in the Browser section above.