Patch Tuesday · June 2025

June 2025 Patch Tuesday: what UK businesses need to know.

June 2025 kicked off our twelve-month archive with a balanced release including two Critical vulnerabilities in Windows networking and a SharePoint Server RCE worth prioritising.

Executive summary

Start of the cycle — a balanced release with two notable Critical CVEs.

June 2025 kicked off our twelve-month archive with a balanced release including two Critical vulnerabilities in Windows networking and a SharePoint Server RCE worth prioritising.

  • Risk theme: Windows networking Critical RCE
  • Risk theme: SharePoint Server RCE
  • Risk theme: Office click-to-run flaw
  • Risk theme: Defender update
Vulnerabilities remediated

The issues that move the needle this month.

We have focused on the categories with realistic exploitation paths for UK SMEs and regulated firms. Always cross-check with Microsoft's Security Update Guide and your own asset inventory before deployment.

Windows networking Critical RCE

Pre-authentication remote code execution on exposed Windows hosts. Top priority for any internet-reachable server.

SharePoint Server RCE

Authenticated attackers could execute code on the SharePoint server itself. Relevant for firms with internal portals.

Office click-to-run flaw

Realistic phishing vector. Patches deploy automatically for most click-to-run installations once the update channel updates.

Defender update

Engine and platform update with new detection signatures.

Affected systems

Where the risk lives.

  • Windows 10, 11 and Server
  • SharePoint Server (Subscription Edition)
  • Microsoft Office and Microsoft 365 Apps
  • Microsoft Defender for Endpoint
Known deployment issues

What to watch for when rolling out.

  • SharePoint update required Configuration Wizard run.
  • Defender platform update temporarily affected scan scheduling for a small subset of devices.
Pros of deploying
  • Closes a pre-auth RCE — meaningfully reduces attack surface.
  • Establishes a strong patching baseline going into the summer.
Cons / trade-offs
  • SharePoint patching is operationally heavy.
  • Networking fixes require server reboots, often in maintenance windows.
Hints & tips for a successful deployment

How experienced teams roll these out without drama.

  • Run the SharePoint Configuration Wizard on every server in the farm.
  • Audit which Windows hosts are actually internet-reachable — surprises here drive most incidents.
  • Confirm Defender platform version across the estate post-deployment.
How Secure Chain helps

Advice, guidance, or full remediation — your call.

Whether you want a second pair of eyes on this month's release or you would rather hand the entire patching cycle to us, Secure Chain Technology Group can support at any level of involvement.

  • Advisory: a prioritised briefing mapped to your estate and risk appetite, with recommended rollout rings.
  • Guided deployment: we work alongside your IT team — test plans, rollback procedures and change-management evidence.
  • Fully managed remediation: we deploy, validate and report on every patch through our Vulnerability Management-as-a-Service (VMaaS) and Patch Management services.
  • Compliance evidence: reporting aligned to Cyber Essentials Plus, ISO 27001 and DSPT requirements.
Sample report
Request a sample vulnerability report
Assessment
Book a cyber security assessment
← All Patch Tuesday briefings

Always verify against the official Microsoft Security Update Guide and your own asset inventory before deployment.