Full Report
Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.
Analysis Summary
# Vulnerability: Windows WebDAV Remote Code Execution (Zero-Day)
## CVE Details
- CVE ID: CVE-2025-33053
- CVSS Score: N/A (Zero-day, severity implied by RCE)
- CWE: N/A
## Affected Systems
- Products: Windows operating systems (all versions receiving the patch, including Server 2025 and Windows 11 24H2)
- Versions: All affected versions receiving the June 2025 Microsoft security update.
- Configurations: Systems where the WebDAV component (part of the IIS feature set, or related services) is functional, although the underlying `WebClient` service is deprecated and not started by default since Nov 2023.
## Vulnerability Description
A Remote Code Execution (RCE) vulnerability exists in the Windows implementation of WebDAV (an HTTP extension used for remote file management). Exploitation appears to be possible via user interaction, such as clicking a malicious link.
## Exploitation
- Status: **Under active attack (Zero-Day)**
- Complexity: **Low** (Exploitation requires no significant preparation beyond what the attacker controls, but it does rely on user interaction.)
- Attack Vector: Network (Implied by RCE over WebDAV/HTTP links)
## Impact
- Confidentiality: Not specified (Likely High given RCE context)
- Integrity: Not specified (Likely High given RCE context)
- Availability: Not specified (Likely High given RCE context)
## Remediation
### Patches
- Microsoft Security Updates released in June 2025 addressing CVE-2025-33053.
### Workarounds
- Ensure the WebClient service is not running or enabled, especially in legacy or specialized systems, though the patch is recommended for robustness across all versions.
## Detection
- **Indicators of compromise**: Monitoring network traffic related to anomalous WebDAV or HTTP interactions targeting vulnerable systems.
- **Detection methods and tools**: Apply Microsoft's June 2025 security updates.
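
One way to look for the WebDAV traffic described above, as an added example that is not part of the original report: it scans proxy log lines for WebDAV methods (RFC 4918) or the Windows WebClient user agent going to hosts outside the organization. The log layout, the sample lines and the `.corp.example` internal suffix are constructed assumptions.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# WebDAV-specific methods from RFC 4918 (GET/PUT/OPTIONS are too common to flag alone).
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# User-Agent prefix sent by the Windows WebClient service (WebDAV mini-redirector).
WEBCLIENT_UA = "microsoft-webdav-miniredir"
# Assumption: hosts under this suffix are internal; adjust for the environment.
INTERNAL_SUFFIX = ".corp.example"

# Constructed sample lines: time, client, method, URL, status, "user agent".
SAMPLE_LOG = [
    '2025-06-11T09:14:02Z 10.1.4.23 PROPFIND http://files.example.net/share/ 207 "Microsoft-WebDAV-MiniRedir/10.0.19045"',
    '2025-06-11T09:14:03Z 10.1.4.23 GET http://files.example.net/share/doc.url 200 "Microsoft-WebDAV-MiniRedir/10.0.19045"',
    '2025-06-11T09:15:40Z 10.1.4.57 PROPFIND http://sharepoint.corp.example/sites/hr/ 207 "Microsoft-WebDAV-MiniRedir/10.0.19045"',
    '2025-06-11T09:16:12Z 10.1.4.88 GET https://www.example.org/index.html 200 "Mozilla/5.0"',
    'truncated line "unterminated',
]

def is_internal(host):
    """True for private/loopback IP literals and names under INTERNAL_SUFFIX."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        return host.lower().endswith(INTERNAL_SUFFIX)

def find_external_webdav(lines):
    """Return one record per request that looks like WebDAV to an external host."""
    hits = []
    for line in lines:
        try:
            ts, client, method, url, _status, agent = shlex.split(line)
        except ValueError:
            continue  # malformed or truncated line: skip rather than guess
        host = urlsplit(url).hostname or ""
        reasons = []
        if method.upper() in WEBDAV_METHODS:
            reasons.append("webdav-method")
        if agent.lower().startswith(WEBCLIENT_UA):
            reasons.append("webclient-agent")
        if reasons and not is_internal(host):
            hits.append({"time": ts, "client": client, "host": host, "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in find_external_webdav(SAMPLE_LOG):
        print(hit)
```

Hits from workstations that have no business reason to mount external WebDAV shares are the ones to triage first.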
## References
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33053
- https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202025/32032 (For full context on Microsoft updates)
***
# Vulnerability: Windows SMB Client Elevation of Privilege
## CVE Details
- CVE ID: CVE-2025-33073
- CVSS Score: 8.8 (High)
- CWE: N/A
## Affected Systems
- Products: Windows operating systems utilizing the Windows Server Message Block (SMB) client.
- Versions: Extensive scope; core protocol used across Windows environments.
- Configurations: Any system using the SMB client protocol.
## Vulnerability Description
An Elevation of Privilege vulnerability exists in the Windows SMB client. Successful exploitation allows an attacker who can establish an initial connection to gain **SYSTEM** level control over the target PC. The flaw is dangerous because no further user interaction is required once the initial connection is established.
## Exploitation
- Status: **PoC available** (Proof-of-concept code is public/available)
- Complexity: **Low** (Initial exploitation trigger often bypasses user awareness upon connection).
- Attack Vector: Network
## Impact
- Confidentiality: Not specified (High, given SYSTEM-level access)
- Integrity: Not specified (High, given SYSTEM-level access)
- Availability: Not specified (High, given SYSTEM-level access)
## Remediation
### Patches
- Microsoft Security Updates released in June 2025 addressing CVE-2025-33073.
### Workarounds
- Limit network exposure of SMB services where possible.
## Detection
- **Indicators of compromise**: Look for anomalous process execution or privilege escalations to SYSTEM context originating from network connections.
- **Detection methods and tools**: Apply Microsoft's June 2025 security updates.
## References
- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073
- https://www.action1.com/patch-tuesday/patch-tuesday-june-2025/?vyj (For Action1 breakdown)
***
# Other Notable Disclosures
## BadSuccessor (Windows Server 2025 Domain Controller Flaw)
- **CVE ID**: N/A (Specific CVE not provided in text)
- **Description**: Weakness in Windows Server 2025 that allows attackers to act with the privileges of *any* user within Active Directory.
- **Status**: Publicly disclosed (May 21) with several public PoCs available.
- **Mitigation**: Organizations with Windows Server 2025 Domain Controllers should review and severely limit permissions for all principals.
## Google Chrome Zero-Days
- **CVE ID**: CVE-2025-5419 and CVE-2025-4664
- **Description**: Two zero-day exploits fixed in the latest Chrome update.
- **Mitigation**: Update Google Chrome immediately (update requires browser restart).
## Adobe Updates
- Adobe released fixes for Acrobat Reader and six other products, addressing at least 259 vulnerabilities, the majority in Experience Manager.
- **Mitigation**: Apply Adobe security updates.