June Update from Microsoft Addresses Numerous Security Vulnerabilities in Windows and Office

Yesterday marked June’s Patch Tuesday, during which Microsoft released security updates addressing 66 vulnerabilities. Notably, one specific vulnerability in Windows has already been exploited in attacks, while several other issues identified in both Windows and Office products have been classified as critical.

For additional details on these vulnerabilities, keep reading. The next Patch Tuesday is scheduled for July 8, 2025.

A significant portion of the vulnerabilities—44 in total—affect various iterations of Windows (versions 10 and above, including Server) that are still receiving security updates. However, Windows 7 and 8.1 are not receiving any further updates, leaving them vulnerable.

If your system meets the necessary requirements, upgrading to Windows 11 24H2 is advisable to ensure ongoing security updates. This vulnerability exemplifies the legacy issues present across all Windows versions, as some older applications still rely on the MSHTML platform.

A user could be compromised simply by clicking a malicious link that executes harmful code. Microsoft has issued updates for Windows Server 2008 and newer systems to rectify this issue.

Microsoft has also acknowledged several IT security experts who privately reported the vulnerability. If users are led to an insecure server, such as an SMB server, their systems could fall under the control of an attacker with elevated privileges, though domain controllers remain generally unaffected.

Microsoft anticipates that this vulnerability could be exploited soon but has already addressed the concern. In terms of Office security vulnerabilities, Microsoft has resolved 18 issues, 17 of which are classified as remote code execution (RCE) vulnerabilities.

Five of these are deemed critical, including one that specifically affects SharePoint, while the remaining vulnerabilities are classified as high risk. Notably, four of the critical vulnerabilities can be exploited merely by displaying a compromised file in the preview window, without requiring the user to click on or open the file.

Lastly, the latest version of the Edge browser, 137.0.3296.68, was released on June 6 and is based on Chromium 137.0.7151.69.
