Microsoft addressed a total of 66 security vulnerabilities across its product portfolio as part of its June 2025 Patch Tuesday update, including a critical WebDAV remote code execution flaw that has been actively exploited in the wild.

The company released security patches impacting Windows, Microsoft Office, Exchange Server, Microsoft Edge, .NET, Visual Studio, and several other enterprise applications. Six of the vulnerabilities were rated “Critical,” while the remainder were classified as “Important” or “Moderate.”

Among the most urgent fixes is CVE-2025-33053, a vulnerability in WebDAV (Web Distributed Authoring and Versioning) that allows attackers to execute arbitrary code by sending specially crafted requests to a targeted server. Microsoft confirmed the flaw is currently being exploited and urged organizations to prioritize the update.

“We are aware of limited, targeted exploitation of CVE-2025-33053,” the company stated in its official advisory.

Broader Scope of Impact

This month’s update affects a wide range of systems, including:

  • Windows 10 and 11

  • Windows Server 2016 through 2022

  • Microsoft Office 2016, 2019, and Microsoft 365

  • Exchange Server 2019

  • .NET 6 and 7

  • Microsoft Edge (Chromium)

Microsoft also addressed multiple elevation-of-privilege vulnerabilities, spoofing issues, denial-of-service risks, and remote code execution flaws across its ecosystem. Though no other vulnerabilities were listed as under active attack, security experts have warned that delaying patches can lead to exposure as threat actors reverse-engineer updates.

Enterprise Security Response

Cybersecurity professionals have recommended testing and deploying the updates as quickly as possible. Many organizations rely on tools such as Microsoft Endpoint Configuration Manager and Windows Server Update Services (WSUS) to manage these patches across their networks.

The company’s June rollout highlights the growing need for organizations to maintain strict patch management practices, particularly in light of the growing sophistication of cyberattacks.

Context and History

This is not the first time Microsoft’s Patch Tuesday has included an actively exploited vulnerability. In recent months, multiple zero-day flaws have been disclosed and patched under similar circumstances. The consistent emergence of such vulnerabilities underscores the need for enterprises to stay ahead with timely updates and layered defense strategies.

Microsoft’s next Patch Tuesday update is expected on July 8, 2025.