Microsoft’s June Security Update: 67 Vulnerabilities Patched, Including Active WEBDAV Zero-Day – How SMBs Should Respond

Imagine waking up tomorrow to find your entire business offline because of a vulnerability that could have been patched. That’s the real risk SMBs face with Microsoft’s latest security update, which addresses 67 newly discovered flaws—including a zero-day vulnerability making headlines for being actively exploited. This update isn’t just another item on your IT team’s monthly to-do list: it’s a crucial line of defense against breaches, business disruption, and unpredictable costs.

What’s Happening: Zero-Day Risks and 67 New Security Flaws

On June 11, 2025, Microsoft released security patches for 67 vulnerabilities, spanning across Windows, Office, Microsoft Edge, Azure, and more. Of these, 11 are rated Critical and 56 Important, with one especially dangerous flaw: a zero-day vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) service. This vulnerability is already being actively exploited by attackers—meaning cybercriminals are targeting unpatched systems right now (The Hacker News, 2025).

• 26 allow remote code execution (attackers running code over the internet)
• 17 leak sensitive information
• 14 enable attackers to escalate user privileges

For business leaders at companies with under 100 employees, this is not just IT news—it’s an urgent business risk. According to IBM’s 2023 Cost of a Data Breach Report, the average data breach costs organizations $4.45 million, with SMBs often struggling to recover (IBM, 2023).

> Note: Even one unpatched vulnerability—especially a zero-day—can give attackers a foothold that leads to data loss, ransomware, and weeks of operational chaos.

How Do These Vulnerabilities Affect Your Business?

If your organization runs on Microsoft products (Windows Servers, Office, cloud services), here’s what’s at stake:

• Business downtime: Attacks disrupt workflows and client delivery.
• Lost data: Information disclosure flaws can expose sensitive customer and financial data.
• Higher costs: Recovery, ransomware payments, and regulatory fines for breaches far outweigh proactive security investments.
• Reputational damage: Clients lose trust if you can’t keep their information safe.

Cybercriminals increasingly target SMBs because they often have limited in-house IT expertise. Quick action is key: patching now dramatically reduces risk.

Actionable Steps: 5 Moves to Secure, Simplify, and Control Costs in 30 Days

1. Patch Immediately: Ensure all Windows and Microsoft-based systems are updated with the June 2025 security patches. Prioritize servers and endpoints with WEBDAV enabled.
2. Audit & Restrict WEBDAV: Disable the WEBDAV service on any system that doesn’t need it for daily operations. Fewer attack surfaces equals lower risk.
3. Review Access Controls: Use the opportunity to review who has admin and sensitive data access. Remove unnecessary privileges to limit damage if an account is compromised.
4. Automate Patch Management: Adopt tools or managed IT services that automate and verify software patches—reducing human error and compliance gaps.
5. Update Your Incident Response Plan: Make sure your plan covers zero-day scenarios. Staff should know who to contact, and what immediate steps to take in case of breach.

Need help evaluating patch status or automating updates? Book a 15-min security consult with BoltWork for expert, jargon-free guidance.

BoltWork Can Help Secure, Simplify, and Reduce IT Costs—Starting Now

Running a business is hard enough without sweating over the next zero-day alert. At BoltWork, our managed IT & cybersecurity solutions are built for SMBs—even those without full-time IT staff. We handle the patching, monitoring, and response while helping you control costs and focus on growth—not just threats.

These Microsoft vulnerabilities show why regular, proactive updates must be a non-negotiable part of your IT strategy. If you’re unsure about your current protection, or need help reducing IT complexity and costs, let’s talk.

Book a 15-minute security consult now at boltwork.ai/contact. Put the patchwork—and the worry—on autopilot.

References

• The Hacker News. Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild. 2025.
• IBM. Cost of a Data Breach Report. 2023.