June Patch Tuesday

Microsoft has released a very light Patch Tuesday for this June with 68 patches to Microsoft Windows and Microsoft Office. No update for Exchange or SQL server and just two minor patches to Microsoft Edge. Unfortunately two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Microsoft Office. Developers can follow their usual release cadence with updates to Microsoft .NET and Visual Studio.

To help navigate these changes to their platforms, the team from Readiness has provided a helpful infographic detailing the risks of deploying updates to each platform.

Known Issues 

Microsoft has released a very limited number of known issues this month with a product focused issue and a very minor display issue covering the following:

• Microsoft Excel: This a rare product level entry in the “known issues” section, but this month, Microsoft has released an advisory that “square brackets” or [] are not supported in Excel filenames. An error is generated, advising the client to remove the offending characters.
• Windows 10: There are reports of blurry or unclear CJK (Chinese, Japanese, Korean) text when displayed at 96 DPI (100% scaling) in Chromium-based browsers such as Microsoft Edge and Google Chrome. This is a limited resource issue as the font resolution in Windows 10 does not fully match the high-level resolution of the Noto font. Microsoft recommends changing the display scaling to 125% or 150% to improve clarity.

Major Revisions and Mitigations

Microsoft may have won an award for the shortest time between releasing an update and a revision update with:

• CVE-2025-33073: Windows SMB Client Elevation of Privilege. Microsoft has worked to address a vulnerability where improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. This patch was revised on the same day as its initial release and has been revised again for documentation purposes.

Windows Lifecycle and Enforcement Updates 

Microsoft has not published any enforcement updates this month,

Each month, the Readiness team analyzes Microsoft’s latest updates and provides technically sound, actionable testing plans. While June’s release includes no stated functional changes, many foundational components across authentication, storage, networking, and user experience have been updated.

For this June testing guide, we have grouped Microsoft’s updates by Windows feature and then accompanied the section with prescriptive test actions and rationale to help prioritize enterprise validation efforts.

Core OS and UI Compatibility 

Microsoft has updated several core kernel drivers for June Patch Tuesday affecting the Windows OS as a whole. This is a low-level system change and carries a high risk of compatibility and system issues. In addition, core Microsoft print libraries have been included in this month’s update requiring additional print testing in addition to the following testing recommendations:

• Run print operations from 32-bit applications on 64-bit Windows environments.
• Use different print drivers and configurations (e.g., local, networked).
• Observe printing from older productivity apps and virtual environments.

Remote Desktop & Network Connectivity

This month’s update may impact the reliability of remote access while broken DHCP-to-DNS integration can block device onboarding, and NAT misbehavior disrupts VPNs or site-to-site routing configurations. We recommend that the following tests are performed:

• Create and reconnect Remote Desktop (RDP) sessions under varying network conditions.
• Confirm that DHCP-assigned IP addresses are correctly registered with DNS in AD-integrated environments.
• Test modifying NAT and routing settings in RRAS configurations and ensure that changes persist across reboots.

Filesystem, SMB and Storage

Updates to the core Windows storage libraries impact nearly every command related to Microsoft Storage Spaces. A minor misalignment here can result in degraded clusters, orphaned volumes, or data loss in a failover scenario. These are high-priority components in modern data center and hybrid cloud infrastructure with the following storage related testing recommendations:

• Access file shares using server names, FQDNs, and IP addresses.
• Enable and validate encrypted and compressed file share operations between clients and servers.
• Run tests that create, open, and read from system log files using various file and storage configurations.
• Validate core cluster storage management tasks, including creating and managing storage pools, tiers, and volumes.
• Test disk addition/removal, failover behaviors, and resiliency settings.
• Run system-level storage diagnostics across active and passive nodes in the cluster.

Windows Installer and Recovery

Microsoft has delivered another update to the Windows Installer (MSI) application infrastructure this month. Broken or regressed Installer package MSI handling disrupts application deployment pipelines while putting core business applications at risk. We suggest the following tests for this month’s changes to MSI Installer, Windows Recovery and Microsoft’s Virtualization Based Security (VBS):

• Perform installation, repair, and uninstallation of MSI Installer packages using standard enterprise deployment tools (e.g. Intune).
• Validate restore point behavior for points older than 60 days under varying virtualization-based security (VBS) settings.
• Check both client and server behaviors for allowed or blocked restores.

We highly recommend prioritising your printer testing this month, leading onto remote desktop deployment testing and ensuring that your core business applications install and uninstall as expected.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

• Browsers (Microsoft IE and Edge) 
• Microsoft Windows (both desktop and server) 
• Microsoft Office
• Microsoft Exchange and SQL Server 
• Microsoft Developer Tools (Visual Studio and .NET)
• Adobe (if you get this far) 

Browsers

This month, Microsoft has delivered a very minor series of updates to Microsoft Edge. Microsoft’s browser receives two Chrome patches (CVE-2025-5068 and CVE-2025-5419) where both updates are rated as important by Microsoft. These low-profile changes can be added to your standard release calendar.

Microsoft Windows

Microsoft has released five critical rated patches and (a smaller than usual) 40 patches rated as important. This month the five critical Windows patches cover the following desktop and server vulnerabilities:

• Missing release of memory after effective lifetime in Windows Cryptographic Services (WCS) allows an unauthorized attacker to execute code over a network.
• Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
• Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
• Use of uninitialized resources in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

Unfortunately, the vulnerability CVE-2025-33073 has been reported as publicly disclosed while CVE-2025-33053 has been reported as exploited. Given these two zero-days, the Readiness recommends a “Patch Now” release schedule for your windows updates.

Microsoft Office

Microsoft has released five critical updates and a further 13 rated as important for the Microsoft Office platform. The five critical patches deal with memory related and “use after free” memory allocation issues affecting the entire Office platform. Due to the number and severity of these issues, we recommend a “Patch Now” schedule for Microsoft Office for this June Patch Tuesday.

Microsoft Exchange and SQL Server

No updates for either Microsoft Exchange or SQL Server this month. 

Developer Tools

There were only three low-level updates (product focused and rated as important) released by Microsoft this June, affecting .NET and Visual Studio. Add these updates to your standard developer release schedule.

Adobe (and 3rd party updates)

Adobe has released (but Microsoft has not co-published) a single update to Adobe Acrobat (APSB25-57). There were two other non-Microsoft updated releases this month affecting the Chromium platform which were covered in the Browser section.