In the latest June 2025 Patch Tuesday update from Microsoft, a significant number of critical vulnerabilities and zero-day flaws have been addressed. With more than 70 different fixes included in this update bundle, it is crucial for all Microsoft users to promptly update their devices.
Five Zero-Day Flaws Actively Exploited Patched
The highlight of the June Patch Tuesday security fixes is the addressing of five vulnerabilities that Microsoft confirmed were being actively exploited. These vulnerabilities include:
- CVE-2025-30400 (important severity; CVSS 7.8): A privilege escalation vulnerability in Microsoft DWM Core Library due to a use-after-free flaw.
- CVE-2025-30397 (important severity; CVSS 7.5): A type confusion vulnerability in Microsoft Scripting Engine allowing remote code execution.
- CVE-2025-32709 (important severity; CVSS 7.8): A use-after-free vulnerability in Windows Ancillary Function Driver for WinSock.
- CVE-2025-32701 (important severity; CVSS 7.8): A privilege escalation vulnerability in Windows Common Log File System Driver.
- CVE-2025-32706 (important severity; CVSS 7.8): Another privilege escalation vulnerability in Windows Common Log File System Driver.
Other Key Fixes From Microsoft’s June Update
In addition to the actively exploited zero-days, Microsoft also addressed two other important vulnerabilities:
- CVE-2025-26685 (important severity; CVSS 6.8): An improper authentication issue in Microsoft Defender for Identity.
- CVE-2025-32702 (important severity; CVSS 7.8): A command injection vulnerability in Visual Studio.
Furthermore, this month’s update bundle also addressed 11 critical severity vulnerabilities, including remote code execution, privilege escalation, spoofing, and information disclosure flaws. Additionally, there are fixes for 59 important severity vulnerabilities covering various security issues.
It is crucial for all eligible devices to install this update to stay protected. While updates are usually automated, users should manually check for any pending updates to ensure they receive all patches in a timely manner, especially for devices vulnerable to the zero-day flaws.
Share your thoughts in the comments section below.
