
Microsoft has rolled out fixes for several security flaws as part of the June 2025 Patch Tuesday release, including 11 vulnerabilities with a “critical” rating and 56 others rated as “important”. Two of the issues patched by Microsoft are categorised as zero-day flaws, one of which was actively exploited before the company rolled out a fix. The Redmond company previously fixed several security flaws affecting Microsoft Edge, including a zero-day exploit that also affects the Google Chrome browser.
Microsoft Patches Previously Exploited WebDAV Zero-Day Flaw
According to Microsoft’s release notes, the June 2025 security updates include fixes for 67 security flaws affecting various products and services. The company has fixed 14 flaws that could have led to an escalation of privilege, 26 remote code execution vulnerabilities, and 17 other issues that could have led to information disclosure.
The most notable security flaw addressed by Microsoft is CVE-2025-33053, which affects an HTTP extension known as Web Distributed Authoring and Versioning (WebDAV). Microsoft says that this zero-day security flaw has a CVSS score of 8.8, and that it has been actively exploited by tricking users into clicking on a malicious URL.
This flaw was detected by Check Point researchers David Driker and Alexandra Gofman, and the cybersecurity firm says a known threat actor called FruityArmor or Stealth Falcon was using the CVE-2025-33053 vulnerability. The security flaw allowed the hackers to remotely execute code on a target’s computer by making changes to the victim’s working directory.
Microsoft has also patched another zero-day security flaw that affects the Windows SMB (Samba) client, and could allow a malicious user to gain elevated (or system) privileges on devices that are connected to the same local network. The issue was caused by improper access control in the Windows SMB client, according to Microsoft.
Earlier this month, the company rolled out several security fixes for the Microsoft Edge browser, which were previously released by the Chromium project. One of these flaws, identified as CVE-2025-5419, is a zero-day security flaw that was exploited before it was patched by Google. Users who are running the latest stable release (version 137.0.3296.62) should be protected against these security flaws.