Welcome to The Deep Dive, your essential weekly security update for system and security professionals focusing on Microsoft Windows and Edge. This week, for June 11th to 17th, 2025, we deliver a no-fluff report on the most critical updates you need to know about right now.

We're cutting through the noise to give you a clear path to action, consolidating information from Microsoft's posts and support docs.

This Week's Critical Updates:

• Microsoft Edge Vulnerabilities: We analyze two new CVEs that came via the Chromium engine.

  • CVE-2025-5959: A "type confusion in V8" vulnerability.

  • CVE-2025-5958: A "use after free in media" vulnerability.

  • Both are serious memory corruption issues that can often lead to remote code execution. The good news is that the fix is simple: just update to the latest version of Microsoft Edge.

• Surface Hub V1 Critical Alert: A major issue is affecting Surface Hub V1 devices running Windows 10 version 22H2.

  • The June 2025 security update (KB5060533) is causing some devices to fail on startup, showing a "secure boot violation" error due to an invalid signature.

  • Microsoft has released an out-of-band update, KB5063159, which is now offered instead of the problematic one to prevent further issues.

  • For devices already impacted and unable to start, we discuss the supported fallback modes, including Guest Mode and Replacement PC Mode, that you can use as temporary workarounds. Microsoft has stated resolution steps for recovering these devices are "forthcoming".

• Informational Windows CVEs: We cover updates for CVE-2025-33073 (SMB client elevation of privilege) and CVE-2024-28923 (Secure Boot bypass). The updates this week were purely informational, meaning no new patch is required at this time, and existing guidance has not changed.

#Microsoft #Windows #SecurityUpdate