Welcome to my June 2025 Patch Monday newsletter! It has been a fairly slow month for our normal vendors in the chart below. We only have one zero day to talk about.
This month's only zero day is from Google for Chrome. Google released five different updates in the past 30 days with 25 different vulnerabilities patched. The one we want to focus on is CVE-2025-5419. On June 2nd they released an update for Stable Channel for Desktop and on June 3rd an update for Extended Stable for Desktop, but both are for the same CVE. Google says they are aware that this exploit exists in the wild. So, you will want to make sure your browsers get updated.
Apple and Zoom didn't have any new updates in the past 30 days so I expect a big month from them (at least from Apple) in the next 30 days. Adobe had a handful of updates but nothing unusual. All in all, it was a pretty slow month for updates. I wish there was more to say but I guess no news is good news, right?
I will be doing a special webinar in July related to Windows Event Collection. I would love for you to reply to this email and let me know what big challenges you have been facing with WEC/WEF. In the webinar we will be discussing the top 5 challenges we have seen and worked with but I'd love to get your feedback as well.
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
|||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommedation |
|
Adobe InCopy |
20.2/19.5.3 and earlier |
6/10/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager |
AEM Cloud Service |
6/10/2025 |
Arbitrary Code Execution, Privilege Escalation |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Commerce |
Commerce/Magento Open Source 2.4.8 |
6/10/2025 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 3: Update at admins discretion |
|
|
Adobe InDesign |
ID20.2 and earlier |
6/10/2025 |
Application DoS, Arbitrary Code Execution, Memory Leak |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Substance 3D Sampler |
5.0 and earlier |
6/10/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Acrobat and Reader |
Reader DC/DC Continuous 25.001.20521 and earlier |
6/10/2025 |
Application DoS, Arbitrary Code Execution, Memory Leak, Security Feature Bypass |
Critical Priority 3: Update at admin's discretion |
|
|
Adobe Substance 3D Painter |
11.0.1 and earlier |
6/10/2025 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Google |
Before 137.0.7151.119 (Linux) |
6/17/2025 |
Inappropriate Implementation, Integer Overflow, Out of Bounds, Type Confusion, Use After Free |
Update ASAP | |
|
Mozilla Thunderbird |
Before 139.0.2 |
6/10/2025 |
Unsolictied File Download, Disk Space Exhaustion, Credential Leakage |
Update after testing |
|
|
Mozilla Thunderbird ESR |
Before 128.11.1 |
6/10/2025 |
Unsolictied File Download, Disk Space Exhaustion, Credential Leakage |
Update after testing |
|
|
Mozilla Firefox |
Before 139.0.4 |
6/10/2025 |
Integer Overflow, Memory Corruption |
Update after testing |
|
|
Mozilla VPN for macOS |
Before 2.28.0 |
5/30/2025 |
Privilege Escalation |
Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
9450 SW Gemini Drive #53822, Beaverton, OR 97008
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.