CVEs have been published or revised in the Security Update Guide
June 5, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2024-29187

• Title: GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
• Version: 4.0
• Reason for revision: In the Security Updates table added the following versions of Windows ADK and ADK WinPE Add-on because these developer kits are also affected by this vulnerability. Microsoft strongly recommends that customers using these products install the updates to be fully protected from the vulnerability. See the FAQs section of this vulnerability for more information: * ADK and ADK WinPE Add-on version 10.1.26100.2454 and later * ADK and ADK WinPE Add-on version 10.1.25398.1 (Republished in January 2025) * ADK and ADK WinPE Add-on for Windows 11, version 22H2 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows Server 2022 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows 10, version 2004 (Republished in May 2025) * ADK and ADK WinPE Add-on for Windows 10, version 1809 (Republished in May 2025) * ADK for Windows 10, version 1607 (Republished in May 2025)
• Originally released: June 11, 2024
• Last updated: June 4, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVEs have been published or revised in the Security Update Guide

June 5, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-47966

• Title: Power Automate Elevation of Privilege Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: June 5, 2025
• Last updated: June 5, 2025
• Aggregate CVE severity rating: Critical

Customer action required: No

June 2025 Security Updates (Patch Tuesday)
This release consists of the following 66 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Windows Storage Management Provider CVE-2025-24065
Windows Storage Management Provider CVE-2025-24068
Windows Storage Management Provider CVE-2025-24069
Windows Cryptographic Services CVE-2025-29828
.NET and Visual Studio CVE-2025-30399
Windows Remote Desktop Services CVE-2025-32710
Windows Win32K - GRFX CVE-2025-32712
Windows Common Log File System Driver CVE-2025-32713
Windows Installer CVE-2025-32714
Remote Desktop Client CVE-2025-32715
Windows Media CVE-2025-32716
Windows SMB CVE-2025-32718
Windows Storage Management Provider CVE-2025-32719
Windows Storage Management Provider CVE-2025-32720
Windows Recovery Driver CVE-2025-32721
Windows Storage Port Driver CVE-2025-32722
Windows Local Security Authority Subsystem Service (LSASS) CVE-2025-32724
Windows DHCP Server CVE-2025-32725
Windows DHCP Server CVE-2025-33050
Windows DWM Core Library CVE-2025-33052
WebDAV CVE-2025-33053
Windows Storage Management Provider CVE-2025-33055
Microsoft Local Security Authority Server (lsasrv) CVE-2025-33056
Windows Local Security Authority (LSA) CVE-2025-33057
Windows Storage Management Provider CVE-2025-33058
Windows Storage Management Provider CVE-2025-33059
Windows Storage Management Provider CVE-2025-33060
Windows Storage Management Provider CVE-2025-33061
Windows Storage Management Provider CVE-2025-33062
Windows Storage Management Provider CVE-2025-33063
Windows Routing and Remote Access Service (RRAS) CVE-2025-33064
Windows Storage Management Provider CVE-2025-33065
Windows Routing and Remote Access Service (RRAS) CVE-2025-33066
Windows Kernel CVE-2025-33067
Windows Standards-Based Storage Management Service CVE-2025-33068
App Control for Business (WDAC) CVE-2025-33069
Windows Netlogon CVE-2025-33070
Windows KDC Proxy Service (KPSSVC) CVE-2025-33071
Windows SMB CVE-2025-33073 8.8
Windows Installer CVE-2025-33075
Windows Shell CVE-2025-47160
Microsoft Office CVE-2025-47162
Microsoft Office SharePoint CVE-2025-47163
Microsoft Office CVE-2025-47164 8.4
Microsoft Office Excel CVE-2025-47165
Microsoft Office SharePoint CVE-2025-47166
Microsoft Office CVE-2025-47167
Microsoft Office Word CVE-2025-47168
Microsoft Office Word CVE-2025-47169
Microsoft Office Word CVE-2025-47170
Microsoft Office Outlook CVE-2025-47171
Microsoft Office SharePoint CVE-2025-47172
Microsoft Office CVE-2025-47173
Microsoft Office Excel CVE-2025-47174
Microsoft Office PowerPoint CVE-2025-47175
Microsoft Office Outlook CVE-2025-47176
Microsoft Office CVE-2025-47953
Windows Remote Access Connection Manager CVE-2025-47955
Windows Security App CVE-2025-47956
Microsoft Office Word CVE-2025-47957
Visual Studio CVE-2025-47959
Windows SDK CVE-2025-47962
Power Automate CVE-2025-47966
Microsoft AutoUpdate (MAU) CVE-2025-47968
Windows Hello CVE-2025-47969
Nuance Digital Engagement Platform CVE-2025-47977

We are republishing 3 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?

CERT/CC Windows Secure Boot CVE-2025-3052
Chrome Microsoft Edge (Chromium-based) CVE-2025-5068
Chrome Microsoft Edge (Chromium-based) CVE-2025-5419

Security Update Guide Blog Posts
Date Blog Post

November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

• The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.
• Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.
• Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.
• A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
• In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
• Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5002735 Excel 2016
5002736 SharePoint Server Subscription Edition
5060533 Windows 10, version 21H2, Windows 10, version 22H2
5060842 Windows 11, version 24H2
5060999 Windows 11, version 22H2, Windows 11, version 23H2
5061026 Windows Server 2008 (Monthly Rollup)
5061072 Windows Server 2008 (Security-only update)

Released: Jun 10, 2025
June 2025 Security Updates - Release Notes - Security Update Guide - Microsoft

CVEs have been published or revised in the Security Update Guide

June 11, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-32711

• Title: M365 Copilot Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: June 11, 2025
• Last updated: June 11, 2025
• Aggregate CVE severity rating: Critical

Customer action required: No

CVEs have been published or revised in the Security Update Guide
June 19, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-33053

• Title: Internet Shortcut Files Remote Code Execution Vulnerability
• Version: 1.1
• Reason for revision: Corrected the CVE description and title. This is an informational change only.
• Originally released: June 10, 2025
• Last updated: June 19, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVE-2025-47977

• Title: Nuance Digital Engagement Platform Spoofing Vulnerability
• Version: 1.1
• Reason for revision: Updated the CVSS score and corrected FAQs. This is an informational change only.
• Originally released: June 10, 2025
• Last updated: June 12, 2025
• Aggregate CVE severity rating: Important
• Customer action required: Yes

CVEs have been published or revised in the Security Update Guide
June 20, 2025

These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:

CVE-2025-49715

• Title: Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
• Version: 1.0
• Reason for revision: Information published.
• Originally released: June 19, 2025
• Last updated: June 19, 2025
• Aggregate CVE severity rating: Critical
• Customer action required: No

CVE-2025-6192

• Title: Chromium: CVE-2025-6192 Use after free in Profiler
• Version: 1.0
• Reason for revision: Information published.
• Originally released: June 19, 2025
• Last updated: June 19, 2025
• Aggregate CVE severity rating:
• Customer action required: Yes