Thursday, June 12, 2025

CVE-2025-33053: RCE in WebDAV | Kaspersky official blog


On June 10, as part of its Patch Tuesday, Microsoft fixed, among other issues, CVE-2025-33053, an RCE vulnerability in Web Distributed Authoring and Versioning (WebDAV, an extension of the HTTP protocol). Microsoft doesn't categorize it as critical, but three facts suggest it's worth installing the corresponding patches as soon as possible:

  • CVE-2025-33053 has a fairly high rating on the Common Vulnerability Scoring System scale: 8.8;
  • its exploitation has been detected in the wild;
  • Microsoft decided to patch not only modern Windows, but also a number of old, no longer supported versions of its operating system.

What’s WebDAV and what’s the CVE-2025-33053 vulnerability?

At some point in the distant internet past, users of the internet required a tool that would allow them to collaborate on documents and manage files on remote web servers. In response, a special working group created DAV, a set of extensions to the HTTP protocol. Support for the new protocol was implemented in the default Windows browser, Microsoft Internet Explorer.

Fast-forward to the beginning of 2023, and Internet Explorer was finally decommissioned, but as we've already written, the browser is still very much alive. A number of its mechanisms are still used in third-party applications, as well as in the new Microsoft Edge browser. Therefore, attackers continue to search for vulnerabilities that can be exploited using IE. CVE-2025-33053 is one of them. It allows attackers to execute arbitrary code if the victim clicks on a link to a WebDAV server they control. That is, all that's required of the attackers is to convince the victim to follow the link. The exact working principle of the exploit for this vulnerability has not yet been publicly disclosed, but according to the Check Point researchers who originally found CVE-2025-33053, exploitation occurs through manipulations with the working directory of a "legitimate Windows tool".

Who can exploit CVE-2025-33053, and how?

Check Point researchers discovered exploitation of this vulnerability in attacks attributed to the Stealth Falcon APT group, known to be operating in the Middle East. However, it's obvious that after the publication of the research and the update to the system itself, other cybercriminals will try to reverse engineer the patch and create their own exploits as soon as possible. The ease of exploitation and prevalence of the vulnerable browser make CVE-2025-33053 an ideal candidate for malware delivery, especially ransomware.

How to stay safe?

Windows operating systems should be updated as soon as possible. Microsoft has released patches even for the outdated Windows Server 2012 and Windows 8 (you can find them in the description of CVE-2025-33053). In addition, we recommend using reliable security solutions on all devices used for internet access: they're able to detect both attempts to exploit vulnerabilities and the launch of malicious code. It also makes sense to regularly raise employee security awareness (for example, using the Kaspersky Automated Security Awareness Platform), because most modern cyberattacks begin with emails or other messages from attackers, who most often use fairly standard methods.




