June 2025 Virtual Administrator’s Patch Recommendations

All new patches will be approved in our patch policy.
June brings 66 patches, including 1 zero-day, CVE-2025-33053. CVE-2025-33053 is an Important-severity flaw in Web Distributed Authoring and Versioning (WebDAV) code. Although WebDAV is not enabled by default in Windows, it is present in many legacy systems.
An Internet Explorer patch KB5060996 was also released for this reason.
- CVE-2025-33073 is an elevation of privilege vulnerability in the Windows Server Message Block (SMB) client. Exploitation could allow the attacker to gain SYSTEM privileges.
- CVE-2025-33070 is another elevation of privilege vulnerability in Windows Netlogon potentially allowing attackers to gain domain administrator privileges.
- CVE-2025-29828 is a remote code execution vulnerability in Windows Cryptographic Services (Schannel).
- The Windows 11 24H2 CU KB5060842 was “replaced” by Out-of-band KB5063060 – see “Known Issues” below.
- One new standalone SSU for Windows 10 Version 1607/Server 2016.
Disclosed: CVE-2025-33053
Exploited: CVE-2025-33073
Security Update Guide
https://msrc.microsoft.com/update-guide/en-us
Microsoft Security Advisories
ADV990001 | Latest Servicing Stack Updates (Published:11/13/2018 | Last Updated:6/10/2025)
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001
Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.
NOTE: The Windows 10/11 Security Stack Updates are included in the monthly Cumulative Updates.
Known Issues
Reported issues with CJK (Chinese, Japanese, Korean) text display. SharePoint Server Subscription Edition problems caused by May update. Out-of-band KB5063060 for Windows 11 24H2.
Microsoft continues to list unresolved older problems under the Known Issues for new patches, so if you have not yet experienced one of these issues, it is unlikely to occur now.
Good resource for known issues with Windows 10/11 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
“Noto fonts issue”
Applies to: All users
Symptom: There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. The March 2025 Preview Update introduced Noto fonts in collaboration with Google, for CJK languages as fallbacks to improve text rendering when websites or apps don’t specify appropriate fonts. The issue is due to limited pixel density at 96 DPI, which can reduce the clarity and alignment of CJK characters. Increasing the display scaling improves clarity by enhancing text rendering.
Workaround: As a temporary workaround, increase your display scaling to 125% or 150% to improve text clarity. For more information, see Change your screen resolution and layout in Windows.
Status: We are investigating this issue and will provide more information when it is available.
“Security update for SharePoint Server Subscription Edition: June 10, 2025 (KB5002736)”
Affected platforms: SharePoint Server Subscription Edition
Symptom: The flight for the new Hybrid Search feature in the Standard release ring was not enabled successfully in the May update. Please contact the support team to get the workaround to enable the flight.
Status: This issue will be fixed in the July update.
“June 11, 2025—KB5063060 (OS Build 26100.4351) Out-of-band”
Affected platforms: Windows 11 24H2
Symptom: This update addresses an incompatibility issue where Windows might restart unexpectedly when opening games that use the Easy Anti-Cheat service. Easy Anti-Cheat automatically installs with certain games to enhance security and prevent cheating in multiplayer online PC games.
Note: Windows users likely didn’t experience this issue because the update that led to the incompatibility issue (KB5060842) was not offered to devices with Easy Anti-Cheat installed.
Status: This OOB update downloads and installs automatically from Windows Update and Microsoft Update on devices with Easy Anti-Cheat installed and on devices that have not installed KB5060842 yet.
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5061018 – Windows Server 2012 R2 (ESU)
- KB5061059 – Windows Server 2012 (ESU)
Cumulative Updates
Windows 10
- KB5060998 – Original release version 1507 (OS Build 10240)
- KB5061010 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5060531 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5060533 – Version 21H2 “November 2021 Update” (OS Build 19044)
- KB5060533 – Version 22H2 “November 2022 Update” (OS Build 19045)
(Versions 1511,1703,1709,1803,1903,1909,2004,20H2,21H1 are no longer under support)
Windows 11
- KB5060999 – 22H2 (OS Build 22621)
- KB5060999 – 23H2 (OS Build 22631)
- KB5060842 (OOB KB5063060) – 24H2 (OS Build 26100)
(Version 21H2 is no longer under support)
Windows Server
- KB5061010 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5060531 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5060526 – Server 2022 (OS Build 20348)
- KB5060118 – Server 23H2 (OS Build 25398)
- KB5060842 – Server 2025 (OS Build 26100)
KB5060996 – Cumulative security update for Internet Explorer
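To check a machine against the cumulative update list above, the following PowerShell is an added example (not part of the original bulletin or any Microsoft tooling). It maps the OS build numbers given above to their June KB and also reports the state of the WebClient service, the Windows WebDAV client relevant to CVE-2025-33053. The function name Get-JunePatchStatus is hypothetical, and only builds that appear in the list are covered.

```powershell
# Added example: OS build -> June 2025 cumulative update, copied from the list above.
# Build 26100 accepts either the original CU or the out-of-band replacement.
$JuneKbByBuild = @{
    10240 = @('KB5060998')
    14393 = @('KB5061010')              # Windows 10 1607 / Server 2016
    17763 = @('KB5060531')              # Windows 10 1809 / Server 2019
    19044 = @('KB5060533')
    19045 = @('KB5060533')
    20348 = @('KB5060526')              # Server 2022
    22621 = @('KB5060999')
    22631 = @('KB5060999')
    25398 = @('KB5060118')              # Server 23H2
    26100 = @('KB5060842', 'KB5063060') # Windows 11 24H2 / Server 2025
}

# Hypothetical helper name. Parameters default to the local machine but can be
# supplied explicitly, e.g. with inventory data collected from other hosts.
function Get-JunePatchStatus {
    param(
        [int]$Build = [int](Get-CimInstance -ClassName Win32_OperatingSystem).BuildNumber,
        [string[]]$InstalledKb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )

    $expected = $JuneKbByBuild[$Build]
    $found    = @($expected | Where-Object { $InstalledKb -contains $_ })

    # WebClient is the WebDAV client service; it is absent when the feature is not installed.
    $webClient = Get-Service -Name WebClient -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Build            = $Build
        ExpectedKb       = if ($expected) { $expected -join ' or ' } else { 'build not in the list above' }
        InstalledKb      = $found -join ', '
        JuneKbPresent    = [bool]$found.Count
        WebClientService = if ($webClient) { "$($webClient.Status) / $($webClient.StartType)" } else { 'not installed' }
    }
}

Get-JunePatchStatus
```

Get-HotFix lists updates by their own KB number, so a machine that already carries a later cumulative update may show JuneKbPresent as False; check against that month's KB in that case.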
June 2025 updates for Microsoft Office
Notable CVEs
CVE-2025-29828 | Windows Schannel Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-29828
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. An attacker can exploit this vulnerability by sending malicious fragmented ClientHello messages to a target server that accepts Transport Layer Security (TLS) connections.
CVE-2025-32710 | Windows Remote Desktop Services Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32710
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. An attacker could successfully exploit this vulnerability by attempting to connect to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.
CVE-2025-33053 | Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33053
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. The user would have to click on a specially crafted URL to be compromised by the attacker.
CVE-2025-33070 | Windows Netlogon Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33070
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network. An attacker who successfully exploited this vulnerability could gain domain administrator privileges.
CVE-2025-33073 | Windows SMB Client Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.