Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day

In its Patch Tuesday release, Microsoft addressed a total of 66 vulnerabilities, among them a critical zero-day vulnerability tracked as CVE-2025-33053. The flaw has been actively exploited by the espionage group known as Stealth Falcon, which targeted a defense contractor in Turkey in March, according to a recent threat report from Check Point Research.

Stealth Falcon has been known for its espionage activities since 2012, focusing primarily on high-profile targets within the government and defense sectors across the Middle East and Africa, including nations like Turkey, Qatar, Egypt, and Yemen. Eli Smadja, the research group manager at Check Point, noted that the zero-day exploit appears to be highly targeted, affecting specific organizations rather than being widespread.

Security Implications

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-33053 to its catalog of known exploited vulnerabilities. The Check Point report highlights the group's innovative infection methods, which use WebDAV, LOLBins, and multi-stage loaders and blend native and .NET components to execute attacks.

WebDAV, an extension of the HTTP protocol, is commonly used in enterprise systems for file sharing and editing. However, it is often inadequately secured. Mike Walters, president and co-founder of Action1, emphasized that many organizations enable WebDAV without fully understanding the associated security risks, putting millions of enterprises at risk. Walters estimates that up to 80% of organizations could be vulnerable to the zero-day patched in this update.

This month’s security update also includes one critical vulnerability, CVE-2025-47966, which allows unauthorized users to access sensitive information in Power Automate, potentially escalating privileges for attackers. Additionally, 17 vulnerabilities affect Microsoft Office and standalone Office products, with three of these defects flagged as more likely to be exploited.

For businesses relying on Microsoft products, the implications of these vulnerabilities are profound, underscoring the necessity for prompt updates and vigilant security practices to safeguard against emerging threats.
