Patch Tuesday: June 2025 — Key Vulnerabilities and What to Prioritise

Dave HallDave Hall
2 min read

Microsoft Patch Tuesday: June 2025 Overview

Microsoft’s June 2025 Patch Tuesday addressed 49 vulnerabilities across a range of products, including Windows, Office, SharePoint, and Microsoft Dynamics.

Out of the 49, 4 are rated Critical, and 2 are currently under active exploitation.

Key Vulnerabilities to Note

1. CVE-2025-2197 – Windows RDP Gateway RCE

  • Remote Code Execution via RDP Gateway

  • Network exploitable; no user interaction required

  • Patched across multiple supported Windows Server builds

  • Critical due to prevalence of exposed RDP in enterprise environments

2. CVE-2025-2203 – Windows Kernel Elevation of Privilege

  • Exploited in the wild at time of release

  • Impacts Windows 10, 11, and Server 2022

  • Allows attackers with local access to gain SYSTEM privileges

  • Considered high risk for lateral movement and ransomware campaigns

3. CVE-2025-2230 – Microsoft Office Remote Code Execution

  • Exploitable through crafted files or email content

  • May be triggered via user interaction

  • Impacts Office 2019 and Office 365 Desktop apps

Products with Multiple Vulnerabilities

  • Microsoft SharePoint Server

    • 5 vulnerabilities addressed

    • Includes privilege escalation and remote code execution

    • Likely targets for attackers looking to move laterally in corporate networks

  • Windows DNS Server

    • Multiple denial-of-service and spoofing vulnerabilities

    • Relevant in on-prem environments

What You Should Prioritise

Patch Immediately:

  • CVE-2025-2197 (RDP Gateway)

  • CVE-2025-2203 (Windows Kernel – active exploitation)

Prioritise if SharePoint or Office is in use:

  • CVE-2025-2230 (Office RCE)

  • SharePoint Server rollups

Strategic Notes

If your organisation separates backlog from BAU remediation, this month’s Patch Tuesday items should be handled as new, time-sensitive vulnerabilities — especially those on your Critical Vulnerabilities List.

No references to specific vulnerability scanners are needed. Prioritisation should be driven by:

  • Exploitability status

  • Exposure in your environment

  • Business criticality of affected services

Additional Updates

Adobe also released updates for:

  • Acrobat Reader

  • ColdFusion

  • Creative Cloud products

These are not widely exploited at time of writing, but still warrant attention in enterprise environments with creative or document-heavy workloads.

Final Thought

Microsoft’s June 2025 release is notable for the presence of two zero-days and critical vulnerabilities affecting widely deployed components. Ensure these are addressed in line with your normal triage practices for actively exploited threats.

0
Subscribe to my newsletter

Read articles from Dave Hall directly inside your inbox. Subscribe to the newsletter, and don't miss out.

WindowspatchingVulnerability management#cybersecurity

Written by

Dave Hall
Dave Hall