This update highlights the latest developments in threat intelligence, Microsoft’s June Patch Tuesday, and critical vulnerabilities identified in widely used third-party software. These insights aim to equip organizations and individuals with the knowledge needed to stay informed and take proactive steps to bolster their cybersecurity defenses.
Recent Threat Intelligence News:
- SentinelOne shares new details on China-linked breach attempt
- Password-spraying attacks target 80,000 Microsoft Entra ID accounts
- Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
- New Critical Vulnerability in SAP NetWeaver Uncovered
- New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
- Cybercriminals camouflaging threats as AI tool installers
- CISA warns of Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies
- CISA warns of ConnectWise ScreenConnect bug exploited in attacks
- FBI warns of cryptocurrency airdrop scams
- CISA #StopRansomware: Play Ransomware
Microsoft Vulnerabilities:
Microsoft has released details on 68 vulnerabilities addressed in this month’s security update, including 10 classified as critical and 2 actively exploited zero-day vulnerabilities. The June 2025 Patch Tuesday covers a broad range of issues across multiple categories, reinforcing the importance of timely updates and proactive security measures:
- 25 Remote Code Execution vulnerabilities
- 13 Elevation of Privilege vulnerabilities
- 17 Information Disclosure vulnerabilities
- 6 Denial of Service vulnerabilities
- 3 Security Feature Bypass vulnerabilities
- 2 Spoofing vulnerabilities
The most critical Common Vulnerabilities and Exposures (CVEs) are highlighted below:
Windows Zero-Days:
- CVE-2025-33053 – Web Distributed Authoring and Versioning (WEBDAV) Remote Code Execution Vulnerability
  - Remote code execution vulnerability in Web Distributed Authoring and Versioning (WebDAV) that could allow a remote attacker to execute arbitrary code on the affected system. As a prerequisite, a user must interact with a specially crafted WebDAV URL for the flaw to be exploited.
  - Publicly disclosed and actively exploited in the wild.
- CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability
  - Elevation of privilege flaw in the Windows SMB Client. The flaw is caused by improper access control in Windows SMB, which can allow attackers to gain SYSTEM privileges on a vulnerable device.
  - Publicly disclosed but not actively exploited in the wild.
Other critical CVEs worth mentioning:
- CVE-2025-47164 / 47167 / 47162 / 47953 – Microsoft Office Remote Code Execution Vulnerability
- CVE-2025-47172 – Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-29828 – Windows Schannel Remote Code Execution Vulnerability
- CVE-2025-33071 – Windows KDC Proxy Service (KPSSVC) Remote Code Execution Vulnerability
- CVE-2025-33070 – Windows Netlogon Elevation of Privilege Vulnerability
- CVE-2025-32710 – Windows Remote Desktop Services Remote Code Execution Vulnerability
Third-party critical CVEs worth mentioning:
Adobe Products (partially handled by FSRM):
Adobe released 7 bulletins covering a total of 254 CVEs, 32 of which are rated critical. The flaws could lead to arbitrary code execution, arbitrary file system read, memory leak, application denial of service, and privilege escalation in the Adobe products listed below.
- Acrobat Reader (handled by FSRM)
- Commerce
- Experience Manager
- InCopy
- InDesign
- Substance 3D Sampler
- Substance 3D Painter
Android (not handled by FSRM):
Cisco (not handled by FSRM):
- CVE-2025-20286 – Cisco ISE
- CVE-2025-20130 – Cisco ISE
- CVE-2025-20129 – Cisco Customer Collaboration Platform
Fortinet (not handled by FSRM):
- CVE-2023-42788 – OS Command Injection vulnerability in FortiManager, FortiAnalyzer and FortiAnalyzer-BigData
Google Chrome:
- Google released an emergency security update to fix a zero-day vulnerability, CVE-2025-5419.
- Updated Version – 137.0.7151.103/.104 for Windows, Mac and 137.0.7151.103 for Linux.
- Chrome Release: June 10th, 2025
Ivanti (not handled by FSRM):
- CVE-2025-5353 / 22455 / 22463 – Hardcoded key vulnerability in Ivanti Workspace Control
SAP (not handled by FSRM):
About Fortress SRM’s Vigilant Managed Cyber Hygiene Offering
Software vulnerabilities are a leading cause of cyberattacks, with nearly one-third of breaches stemming from unpatched, known flaws.
Maintaining secure and up-to-date operating systems and applications is a complex, time-consuming task that often strains internal IT resources. Fortress SRM’s Vigilant Managed Cyber Hygiene with 24/7/365 U.S.-based Monitoring Service simplifies patch management by delivering automated, high-efficacy updates (97%+ success rate) for Microsoft and over 100 third-party applications. This includes critical security patches, OS upgrades, and key configuration updates—across all devices, on or off the network.
Our real-time reporting console offers full visibility into patch status and activity, helping organizations maintain a strong, proactive security posture.
Ready to strengthen your cyber hygiene?
Contact us at fortresssrm.com to learn how Fortress SRM can help support and enhance your organization’s cybersecurity strategy.