Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a widespread Windows bug patched this month are now public.
This month’s only zero-day flaw is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV, an HTTP extension that allows users to manage files and directories on a server. While WebDAV is not enabled by default in Windows, its presence in legacy or specialized systems still makes it a relevant target, said Seth Hoyt, senior security engineer at Automox.
Adam Barnett, lead software engineer at Rapid7, said Microsoft’s advisory for CVE-2025-33053 does not mention that the Windows implementation of WebDAV has been listed as deprecated since November 2023, which in practical terms means that the WebClient service no longer starts by default.
“Attack complexity in the advisory is also low, which means exploitation does not require preparation of the target environment in any way that is beyond the control of the attacker,” Barnett said. “Exploitation depends on the user clicking on a malicious link. It is not clear how an asset would be immediately vulnerable, but all versions of Windows receive a patch, including those released since the WebClient’s deprecation, such as Server 2025 and Windows 11 24H2.”
Microsoft has warned that an “elevation of privilege” vulnerability in the Windows Server Message Block (SMB) client (CVE-2025-33073) is likely to be exploited, given that proof-of-concept code for this bug is now public. CVE-2025-33073 has a CVSS risk score of 8.8 (out of 10), and exploitation of the flaw leads to the attacker gaining “SYSTEM” level control over a vulnerable PC.
“It is especially dangerous that no further user interaction is required after the initial connection – something attackers can often trigger without the user realizing,” said Alex Vovk, co-founder and CEO of Action1. “Given the high privilege level and ease of exploitation, this defect poses a significant risk to the Windows environment. The scope of affected systems is widespread, as SMB is a core Windows protocol that is used for file and printer sharing and inter-process communication.”
Beyond these highlights, 10 of the vulnerabilities fixed this month were rated “critical” by Microsoft, including eight remote code execution flaws.
Notably absent from this month’s patch batch is a fix for a weakness in Windows Server 2025 that allows attackers to act with the privileges of any user in Active Directory. The bug, dubbed “Rogue,” was publicly disclosed by researchers at Akamai on May 21, and many public proof-of-concepts are now available. Satnam Narang of Tenable said that organizations with at least one Windows Server 2025 domain controller should review permissions for principals and limit those permissions as much as possible.
Adobe has released updates for Acrobat Reader and six other products addressing at least 259 vulnerabilities, most of them in an update for Experience Manager. Mozilla Firefox and Google Chrome both recently released security updates that require the browser to be restarted to take effect. The latest Chrome update fixes two zero-day exploits in the browser (CVE-2025-5419 and CVE-2025-4664).
For a detailed breakdown of the individual security updates released by Microsoft today, see the Patch Tuesday roundup from the SANS Internet Storm Center. Action1 has a breakdown of patches from Microsoft and a number of other software vendors releasing fixes this month. As usual, please back up your system and/or data before patching, and feel free to leave a note in the comments if you run into any problems applying these updates.