Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV.
Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither of today’s zero-day vulnerabilities are evaluated as critical severity at time of publication. Today also sees the publication of eight critical remote code execution (RCE) vulnerabilities.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Log4j flaw attack levels remain high, Microsoft warns
January 4, 2022
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j ‘Log4Shell’ flaw through December. Disclosed by the Apache Software Foundation on December 9, Log4Shell will likely take years to remediate because of how widely the error-logging software component is used in applications and services. Microsoft warns ...
- FTC warns companies to remediate Log4j security vulnerability
January 4, 2022
Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a serious vulnerability in the popular Java logging package, Log4j (CVE-2021-44228) was disclosed, posing a severe risk to millions of consumer products to enterprise software and web applications. This vulnerability is ...
- Examining Log4j Vulnerabilities in Connected Cars and Charging Stations
December 23, 2021
Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to easily release log statements without modifying the code. This means that it has an expansive ...
- Microsoft informs customers of ‘NotLegit’ Azure bug
December 23, 2021
Microsoft’s Security Response Center has released a blog post explaining its response to the “NotLegit” bug in Azure that was discovered by cloud security company Wiz. Wiz said all PHP, Node, Ruby, and Python applications that were deployed using “Local Git” on a clean default application in Azure App Service since September 2017 are affected. They ...
- Apple fixes macOS security flaw behind Gatekeeper bypass
December 23, 2021
Apple has addressed a macOS vulnerability that unsigned and unnotarized script-based apps could exploit to bypass all macOS security protection mechanisms even on fully patched systems. If they circumvent automated notarization security checks (which scans for malicious components and code-signing issues), the applications are allowed to launch by Gatekeeper, a macOS security feature designed to verify ...
- Microsoft Teams bug allowing phishing unpatched since March
December 22, 2021
Microsoft said it won’t fix or is delaying patches for several security flaws impacting Microsoft Teams’ link preview feature reported since March 2021. German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message ...