* Last update: 11/06/2025
* Affected software: Microsoft Products
* Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation
* CVE/CVSS: Microsoft patched 65 vulnerabilities in its June 2025 Patch Tuesday release, 9 rated as critical and 56 rated as important. It includes 2 0-day vulnerabilities and 1 vulnerability that is actively exploited.
Number of CVE by type:
- 25 Remote Code Execution vulnerabilities
- 17 Information Disclosure vulnerabilities
- 13 Elevation of Privilege vulnerabilities
- 6 Denial of Service vulnerabilities
- 2 Spoofing vulnerabilities
- 2 Security Feature Bypass vulnerabilities
Microsoft - https://msrc.microsoft.com/update-guide/en-us/releaseNote/2025-jun
Microsoft’s June 2025 Patch Tuesday includes 65 vulnerabilities (with 9 rated as critical and 56 important) for a wide range of Microsoft products impacting Microsoft Servers and Workstations. This Patch Tuesday includes two 0‑Days, one of which is actively exploited. Some vulnerabilities are more likely to be exploited soon; therefore, urgent patching is advised.
Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.
The CCB would like to draw your attention to the following vulnerabilities:
CVE-2025-33053: Web Distributed Authoring and Versioning (Actively Exploited, Zero-day)
Remote Code Execution Vulnerability: a remote attacker could exploit this vulnerability through social engineering, by luring a user to open a malicious file or URL. Successful exploitation could allow an attacker to potentially execute arbitrary code over the victim’s network. According to Microsoft researchers, this CVE was exploited in the wild as a zero-day. It has a CVSSv3 score of 8.8 and is rated as important.
CVE-2025-33073: Windows SMB Client (PoC released, Zero‑day)
Elevation of Privilege Vulnerability: successful exploitation of this vulnerability could allow an authorized attacker to elevate privileges to SYSTEM. To exploit this vulnerability, an attacker could execute a crafted malicious script to trigger the victim device to connect to an attacker-controlled machine using SMB credentials. This CVE has a CVSSv3 score of 8.8 and is rated as important. It is likely to be exploited, given that proof-of-concept code for this bug is now public.
CVE-2025-33070: Windows Netlogon
Elevation of Privilege Vulnerability: an unauthenticated attacker could exploit this vulnerability to elevate privileges over the network. According to Microsoft, a successful attack requires the attacker to take additional action in order to prepare a target for exploitation. However, Microsoft assesses this vulnerability as “Exploitation More Likely”. This vulnerability has a CVSSv3 score of 8.1 and is rated as critical.
CVE-2025-33071: Windows KDC Proxy Service (KPSSVC)
Remote Code Execution: exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code over the network. This vulnerability affects Windows Kerberos Distribution Center (KDC) proxy service. This CVE has a CVSSv3 score of 8.1 and is rated as critical.
CVE-2025-47172: Microsoft Office SharePoint
Remote Code Execution: successful exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary code over the network. This is a critical remote code execution vulnerability affecting Microsoft SharePoint, with a CVSSv3 score of 8.8.
CVE-2025-47162, CVE-2025-47164, CVE-2025-47167 and CVE-2025-47953: Microsoft Office
Remote Code Execution: these four vulnerabilities affect Microsoft Office. Each of them has a CVSSv3 score of 8.4 and all are rated as critical.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
The Hacker News - https://thehackernews.com/2025/06/microsoft-patches-67-vulnerabilities.html
Tenable - https://www.tenable.com/blog/microsofts-june-2025-patch-tuesday-addresses-65-cves-cve-2025-33053