Cyber Web Spider Blog – News

Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

Posted on June 10, 2025 By CWS

Microsoft on Tuesday pushed out patches for at least 66 security defects across the Windows ecosystem and called urgent attention to a WebDAV remote code execution bug that's already been exploited in the wild.

The WebDAV (Web Distributed Authoring and Versioning) flaw, marked as 'important' with a CVSS score of 8.8/10, allows browser-based drive-by downloads if a target clicks on a rigged website.

“External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network,” Microsoft said in a barebones bulletin.

As is customary, Redmond has not disclosed who is abusing the CVE-2025-33053 software defect or whether exploitation is widespread. The company has not provided IOCs (indicators of compromise) or other telemetry to help defenders hunt for signs of infections.

Check Point Software, the company credited with reporting the bug, released a separate advisory warning that successful exploitation could allow a remote attacker to execute arbitrary code on the affected system.

Check Point has linked the in-the-wild exploitation to an APT group called 'Stealth Falcon' that uses spear-phishing to target organizations in Turkey, Qatar, Egypt and Yemen. Stealth Falcon has been publicly attributed to the United Arab Emirates (UAE).

Both companies warn that the attack surface is enormous, with every supported version of Windows listed as vulnerable, from older Server 2008 builds right up to Windows 11 24H2 and the forthcoming Server 2025 releases.

Because WebDAV relies on the legacy MSHTML and EdgeHTML rendering engines, Microsoft is also pushing fixes through the Internet Explorer cumulative update channel for older server platforms, ensuring the underlying scripting components are patched alongside the core WebDAV code.

The exploited WebDAV zero-day headlines a whopper Patch Tuesday that provides cover for at least 9 critical-severity Windows flaws with remote code execution risk.

According to Redmond's security response team, the critical bugs were patched in Microsoft SharePoint Server (CVE-2025-47172), Microsoft Office, Windows Netlogon (CVE-2025-47167), Windows KDC Proxy Service (CVE-2025-33071), Windows Remote Desktop Services (CVE-2025-32710), and Windows Schannel (CVE-2025-29828).

The software giant also flagged CVE-2025-3052 for immediate attention, warning that a vulnerability in a UEFI application signed with a widely-trusted Microsoft third-party UEFI certificate could be exploited to bypass Secure Boot protections.

The InsydeH2O Secure Boot Bypass, reported by Binarly via CERT/CC, affects any device that trusts Microsoft's “UEFI CA 2011” digital signature, a list that includes most modern laptops, servers and workstations because the same certificate also signs the Linux “shim” loader used by major distributions.

Binarly said it first noticed the module on the VirusTotal malware-scanning service in November 2024; embedded signature metadata shows it was compiled and signed in October 2022, so it has likely been circulating undetected for years.
