Microsoft issues security update as Windows attacks begin.
Users of the Windows operating system, be that Windows 10, Windows 11 or any of the Windows Server variants, are used to reading Microsoft cyberattack warnings. Some warnings, however, are more critical than others. Whenever a Windows zero-day exploit is involved, then you really need to start paying close attention. These are the vulnerabilities that have not only been found by threat actors, but also exploited and are under attack already by the time that the vendor, in this case Microsoft, becomes aware of them. Microsoft, and by extension you, are then playing catch-up to get protected against the cyberattacks in question. Here’s what you need to know about CVE-2025-33053 and what you need to do right now. Don’t wait, update Windows right now.
What Windows Users Need To Know About CVE-2025-33053
The June 10 Patch Tuesday security rollout has brought with it a few unwelcome surprises, as is often the case. None more so than CVE-2025-33053, which is not only a zero-day, in that it is already known to have been exploited by threat actors, but is also being leveraged widely in cyberattacks, and that’s very worrying indeed for all Windows users.
A Microsoft executive summary describes the threat from CVE-2025-33053 as “external control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.” Or, in other words, a remote code execution vulnerability that can do some very bad things indeed.
Tenable Research Special Operations has analyzed the threat, and Satnam Narang, the senior staff research engineer at Tenable, said that, as confirmed in a Check Point Research report, a known threat group, Stealth Falcon, has “launched a social engineering campaign to convince targets to open a malicious .url file, which would then exploit this vulnerability, giving them the ability to execute code.” That’s problematic, as Narang explained: “it is rare to hear of a zero-day reported during Patch Tuesday as being leveraged widely. We typically expect these types of zero-days to be used sparingly, with an intention to remain undetected for as long as possible.” All the more reason to get your systems updated as soon as possible. The attackers are not waiting, and neither should you.
“The advisory also has attack complexity as low,” Adam Barnett, lead software engineer at Rapid7, said, “which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker’s control.” Indeed, exploitation just requires a user to click on a malicious link, oh what a surprise. “It’s not clear how an asset would be immediately vulnerable if the service isn’t running,” Barnett concluded, adding “but all versions of Windows receive a patch.” You know what to do, so go and do it now.
