Windows June, 2025, Patch Tuesday (& Wednesday)

Back to Giveaway of the Day

Giveaway of the Day Forums » Technical notes

Windows June, 2025, Patch Tuesday (& Wednesday)

(2 posts) (2 voices)

Started 8 months ago by mikiem2
Latest reply from Dragonlair

mikiem2
Moderator

bleepingcomputer[.]com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/

bleepingcomputer[.]com/news/microsoft/windows-11-kb5060842-and-kb5060999-cumulative-updates-released/

bleepingcomputer[.]com/news/microsoft/windows-10-kb5060533-cumulative-update-released-with-7-changes-fixes/

support.microsoft[.]com/en-us/topic/june-11-2025-kb5063060-os-build-26100-4351-out-of-band-b1746442-8c6c-425d-ac5a-3a8f51e372f3

If you installed Tuesday's update for Win11 24H2, you got to do it all over again on Wednesday -- How Nice! There was a conflict with Tuesday's update & Easy Anti-Cheat. Allegedly the update was blocked on systems with Easy Anti-Cheat installed, and also *allegedly* Wednesday's update only applied to those folks, which is Inaccurate/Wrong... Every copy of Win11 24H2 I updated Tuesday got Wednesday's update unasked for, and I am famously Not a gamer.

This month's updates patched a perhaps significant OOPs from Microsoft regarding Secure Boot, showing once again it isn't all that secure really. Binarly, a company that works with BIOS firmware, found a vulnerable Microsoft signed module that they found on Virus Total, so there's a good chance someone found & uploaded it because it was being actively exploited. When Binarly reported it to Microsoft, they found 13 more Microsoft signed vulnerable modules -- all 14 were added to the revocation database with this patch. Per Binarly:

"... we effectively disable Secure Boot, allowing the execution of any unsigned UEFI modules."

Once disabled, attackers can install bootkit malware that can hide from the operating system and turn off further security features."

bleepingcomputer[.]com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/

Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.

This Patch Tuesday also fixes ten "Critical" vulnerabilities, eight being remote code execution vulnerabilities and two being elevation of privileges bugs.

The number of bugs in each vulnerability category is listed below:

13 Elevation of Privilege Vulnerabilities
3 Security Feature Bypass Vulnerabilities
25 Remote Code Execution Vulnerabilities
17 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
2 Spoofing Vulnerabilities

Posted 8 months ago #
Dragonlair
Member

Actually, I hadn't noticed that it applied twice on my Win 11 Desktop. It's downloading/installing now. I'll reboot a bit later.

However, my Win 11 laptop got both updates yesterday! I updated it, then checked since it is slow and doesn't always see everything and it was there again! I let it do it and then finally got things settled so I could virus check it.

Just a little more delay.

Posted 8 months ago #

RSS feed for this topic

Reply

You must log in to post.