There are multiple critical patches for June. Please note that if additional attack vectors or new exploits are released, the priority for remediation will change. Testing and patching should be started for all systems. Systems using Microsoft Office, SMB client systems, and KDC proxy servers should be prioritized. All admins are reminded that browser updates, including updates to Edge, Chrome and Firefox, should be deployed regularly.

Multiple Office vulnerabilities (CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953) can be exploited via the preview pane.  It is therefore vital to test and deploy fixes for Outlook users as the highest priority.  

For workstations and systems that connect to SMB servers, CVE-2025-33073 can result in SYSTEM-level access. The attacker would need control of the malicious (destination) server. Controls on access to Internet SMB servers provide some mitigation while patches are deployed.
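
One way to check that the SMB egress control described above is holding, run over firewall or flow logs (an added example, not part of the original advisory). The CSV log layout, the sample records and the RFC 1918 internal ranges are assumptions.

```python
import csv
import ipaddress
from collections import defaultdict

# Assumption: internal address space is RFC 1918; adjust to your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORT = 445  # SMB over TCP

# Constructed sample flow records (not real traffic), in a hypothetical
# CSV export with the columns: time,src,dst,proto,dport,action
SAMPLE_FLOWS = """\
2025-06-11T09:00:01Z,10.1.4.22,10.1.0.5,tcp,445,allow
2025-06-11T09:00:07Z,10.1.4.22,203.0.113.10,tcp,445,allow
2025-06-11T09:01:12Z,10.1.7.80,198.51.100.7,tcp,445,deny
2025-06-11T09:02:30Z,10.1.7.80,198.51.100.7,tcp,443,allow
2025-06-11T09:03:44Z,10.1.9.3,not-an-ip,tcp,445,allow
"""

def is_internal(addr):
    """True if addr falls inside one of INTERNAL_NETS (ValueError if unparseable)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def internet_smb_flows(text):
    """Return {source: {"allow": [dst, ...], "deny": [dst, ...]}} for TCP/445
    flows whose destination is outside INTERNAL_NETS."""
    hits = defaultdict(lambda: {"allow": [], "deny": []})
    for row in csv.reader(text.splitlines()):
        if len(row) != 6:
            continue  # skip malformed lines
        _, src, dst, proto, dport, action = row
        if proto.lower() != "tcp" or dport != str(SMB_PORT):
            continue
        try:
            if is_internal(dst):
                continue  # internal file servers are out of scope here
        except ValueError:
            continue  # destination is not a parseable IP address
        if action in ("allow", "deny"):
            hits[src][action].append(dst)
    return dict(hits)

if __name__ == "__main__":
    for src, seen in internet_smb_flows(SAMPLE_FLOWS).items():
        # "allow" means the egress control did not stop the connection.
        print(src, "allowed:", seen["allow"], "blocked:", seen["deny"])
```

Sources with entries under "allow" reached an external SMB server despite the control and are the first candidates for patching.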

For domain controller systems, testing patches for CVE-2025-33070 is also critical. Exploitation can result in domain administrator privileges. The exploit currently requires “an attacker to take additional actions prior to exploitation to prepare the target environment”; however, this may change as more information is discovered on methods of exploitation.

CVE-2025-33071 impacts systems configured as a “[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol server”. This is not a default configuration.  Review the Microsoft information on this patch if it applies to your systems.

Full details can be found in the release notes: https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-jun