The June 2025 Patch Tuesday update bundle from Microsoft addressed numerous critical vulnerabilities and zero-day flaws. With over 70 different vulnerability fixes, this update bundle is essential for all Microsoft users to update their devices to.
Five Actively Exploited Zero-Day Flaws Patched
The most important security fixes with June Patch Tuesday address five vulnerabilities for which Microsoft confirmed to have detected active exploitation. These include,
- CVE-2025-30400 (important severity; CVSS 7.8): A use-after-free vulnerability impacting Microsoft DWM Core Library leading to privilege escalation. Exploiting the vulnerability could allow SYSTEM privileges to an authorized attacker.
- CVE-2025-30397 (important severity; CVSS 7.5): A type confusion vulnerability in Microsoft Scripting Engine that could allow remote code execution to an unauthorized adversary. Exploiting this flaw required the attacker to send a specially crafted URL that the victim would open using Edge in Internet Explorer Mode.
- CVE-2025-32709 (important severity; CVSS 7.8): Another use after free vulnerability that impacted Windows Ancillary Function Driver for WinSock, allowing elevated privileges (including admin privileges) to an authorized attacker.
- CVE-2025-32701 (important severity; CVSS 7.8): A use after free vulnerability in Windows Common Log File System Driver, allowing elevated privileges, including SYSTEM privileges, to an authorized adversary.
- CVE-2025-32706 (important severity; CVSS 7.8): Another privilege escalation vulnerability in Windows Common Log File System Driver that existed due to improper input validation. Exploiting the flaw would grant SYSTEM privileges to an authorized attacker.
Other Important Patch Tuesday Fixes From Microsoft In June
Alongside the five actively exploited zero-days, Microsoft also addressed two other important severity vulnerabilities that became public prior fixes.
- CVE-2025-26685 (important severity; CVSS 6.8): An improper authentication issue in Microsoft Defender for Identity that could allow an unauthorized attacker to perform spoofing.
- CVE-2025-32702 (important severity; CVSS 7.8): A command injection vulnerability in Visual Studio that could allow an unauthorized attacker to execute codes.
In addition, this month’s update bundle addressed 11 critical severity vulnerabilities as well. These include 6 remote code execution vulnerabilities, 2 privilege escalation flaws, 1 flaw allowing spoofing, and 1 information disclosure.
The rest includes security fixes for 59 important severity vulnerabilities, including 7 denial of service, 15 privilege escalation vulnerabilities, 14 information disclosure, 20 remote code execution flaws, 1 spoofing, and 2 security feature bypass vulnerabilities.
Given that this update bundle addresses no low-severity vulnerabilities, it is a crucial security update for all eligible devices. While Microsoft rolls out these updates automatically, users should still check their systems manually for any updates to ensure receiving all patches on time.
Particularly, the devices vulnerable to the zero-day flaws under attack need immediate attention to prevent potential threats.
Let us know your thoughts in the comments.
