Microsoft has announced the resolution of 66 vulnerabilities across its product suite in its latest security update, which was released on Tuesday. Among these vulnerabilities is a zero-day exploit in WebDAV, a feature that facilitates remote file sharing and editing, which has reportedly been exploited for remote code execution by the hacking group known as Stealth Falcon. The full details of the security update can be found in the latest security update.
According to research conducted by Check Point, Stealth Falcon exploited the zero-day vulnerability, identified as CVE-2025-33053, to deliver malware to a defense contractor in Turkey as early as March. This group has been known for its targeted espionage efforts in the Middle East and Africa, focusing mainly on governmental and defense sectors in various countries, including Turkey, Qatar, Egypt, and Yemen. The extent of the threat posed by Stealth Falcon was detailed in a threat report released on the same day as the security update.
Check Point’s research group manager, Eli Smadga, stated that very few organizations have been identified as being impacted by the exploit thus far, emphasizing that the exploit appears to be targeted rather than widespread. The Cybersecurity and Infrastructure Security Agency has since added CVE-2025-33053 to its catalog of known exploited vulnerabilities as of Tuesday, indicating the seriousness of the threat.
Experts have indicated that the complexity of Stealth Falcon’s attack methodology, which leverages a range of tools including WebDAV, demonstrates a sophisticated approach to cyber-infiltration. Mike Walters, president and co-founder of Action1, noted that the use of WebDAV in enterprise environments often goes poorly secured. “The potential impact is extensive, with millions of organizations worldwide at risk,” Walters commented, estimating that up to 80% of enterprises could be vulnerable to the zero-day exploit addressed in this update.
This month’s security update included a total of 66 vulnerabilities, featuring one critical vulnerability, 43 high-severity defects, and 22 medium-severity flaws. Notably, another critical vulnerability identified as CVE-2025-47966 affects Power Automate and allows unauthorized users to access sensitive information through privilege escalation. Organizations are encouraged to review the complete list of vulnerabilities addressed in Microsoft’s Security Response Center.