Microsoft has released its June 2025 Patch Tuesday security updates, addressing multiple vulnerabilities across its products, including one that has been detected as exploited in the wild.
Tracked as CVE-2025-33053, a vulnerability in WebDAV that could allow an unauthorized attacker to execute code over a network. A security researcher from Check Point Research has uncovered a new campaign targeting this vulnerability, attributed to the APT group Stealth Falcon.
Based on the official release notes from Microsoft, the patch includes 66 Microsoft CVEs — 10 are tagged as ‘Critical,’ while the rest are classified as ‘Important.’
_____________________________
A. List of the Vulnerabilities
Kindly check the link below for the lists of Microsoft CVEs and non-Microsoft CVEs.
- https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
_____________________________
B. Actions to be Taken
CERT-PH recommends the following actions be taken:
- Kindly review and apply the necessary updates to mitigate future threats.
- For additional information, kindly refer to the official report
- Microsoft:
- https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun
- https://msrc.microsoft.com/update-guide/vulnerability
- Check Point Research
- https://research.checkpoint.com/2025/stealth-falcon-zero-day/
- Microsoft: