Microsoft Update Fixes Two Zero-Day Flaws

Zero-day vulnerabilities pose significant threats to cybersecurity. When a large company such as Microsoft releases a security patch to address these issues, it indicates that individuals of various skill levels should respond promptly. We’ll go over Microsoft’s most recent security update, what zero-day vulnerabilities are, and why it’s important to keep your devices and data safe by staying up to date.

What Are Zero-Day Flaws?

Attackers use zero-day flaws in software before the software developer knows about them. These security holes make systems vulnerable and unprotected until a patch is made available. Attackers often move quickly to take advantage of these weaknesses because there isn’t a fix right away. A zero-day flaw is like a secret backdoor that hackers can use to get into systems and data without permission. If these flaws aren’t fixed, they could let people in without permission, steal data, or install harmful software.

Why Microsoft’s Update Matters

Microsoft recently released a security update addressing two active zero-day vulnerabilities. These flaws affected widely used software, making the update critical for users worldwide. There are several reasons why this update is important:

• Enhanced Security: Applying the patch closes exploitable gaps that attackers could use to compromise devices.
• Improved Performance: Updates often come with stability and performance improvements, providing a better user experience.
• Data Protection: A patched system significantly reduces the risk of data breaches, identity theft, and unauthorized transactions.

Details of the Two Patched Vulnerabilities

Flaw A: Remote Code Execution via Malicious Scripts

This vulnerability allowed attackers to execute unauthorized scripts that could potentially access sensitive user information. By targeting specific software, attackers could manipulate script behavior and extract confidential data.

Flaw B: System Control via Privilege Escalation

This second flaw gave attackers the ability to escalate privileges and take control of the affected system. With elevated access, attackers could perform actions such as installing programs, modifying settings, or accessing private files without user consent. Both vulnerabilities were actively being exploited at the time of discovery, making immediate patching critical.

WebDAV Remote Code Execution Weakness

Details: This is the more critical of the two, as it was actively exploited in the wild.

• Vulnerability Type: Remote Code Execution (RCE) via external control of file name or path in WebDAV.
• Attack Vector: An attacker must trick a user into clicking a specially crafted WebDAV URL.
• Exploitation: The APT group “Stealth Falcon” (also known as FruityArmor) has been observed leveraging this flaw in a new malware campaign, specifically against a defense company in Turkey. The attack involved using a .url file to execute malware hosted on a malicious WebDAV server. This exploit manipulates the working directory of a legitimate Windows tool (like⁣iediagcmd.exe) to execute a rogue file (route.exe) from the attacker’s server.
• Malware Used: The “Horus Agent,” a custom implant built for the Mythic command-and-control (C2) framework, was delivered via this vulnerability. This backdoor is designed to collect system information, enumerate files and folders, download files, and inject shellcode into processes.
• Impact: Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the victim’s system, potentially leading to full system compromise.
• CVSS Score: 8.8 (High severity, but treated as Critical due to active exploitation).
• CISA KEV Catalog: Due to active exploitation, CISA (Cybersecurity and Infrastructure Security Agency) added CVE-2025-33053 to its Known Exploited Vulnerabilities (KEV) Catalog, requiring federal civilian executive branch agencies to apply the patch by July 1, 2025.
• Discovery: Credited to Alexandra Gofman and David Driker of Check Point Research.

Mitigation and Patching: The primary mitigation is to apply the June 2025 Cumulative Update as soon as possible. Organizations should prioritize patching systems that utilize WebDAV or where users are susceptible to phishing attacks.

Windows SMB Client Elevation of Privilege Vulnerability

Details: This vulnerability was publicly disclosed before a patch was available but not actively exploited at the time of release.

• Vulnerability Type: Elevation of Privilege (EoP) due to improper access control in the Windows SMB Client. It’s often described as an NTLM reflection bypass vulnerability.
• Attack Vector: An authenticated attacker can elevate privileges over a network. This typically involves coercing a victim machine to connect back to the attacker’s system via SMB and authenticate. A specially crafted DNS record can disguise the attacker’s listener as “local,” triggering NTLM local authentication and allowing token reuse.
• Prerequisites for Exploitation: The attacker needs valid domain user credentials, and SMB signing must not be enforced on the target machine.
• Impact: Successful exploitation can lead to SYSTEM-level privileges on vulnerable devices, granting the attacker full control of the affected system, including access to sensitive data and resources. While rated “Important” by Microsoft, its potential to lead to SYSTEM-level RCE when SMB signing is not enforced warrants treating it as Critical.
• CVSS Score: 8.8 (High severity).
• Discovery: Attributed to multiple researchers, including Keisuke Hirata (CrowdStrike), Synacktiv, Stefan Walter (SySS GmbH), RedTeam Pentesting GmbH, and James Forshaw of Google Project Zero.

Mitigation and Patching

• Apply the June 2025 Cumulative Update.
• Enforce Server-Side SMB Signing via Group Policy: This is a crucial workaround if immediate patching is not possible. SMB signing ensures that SMB communications are cryptographically signed, preventing relay attacks. However, it’s important to note that some older systems or applications might not support SMB signing, potentially causing compatibility issues.
• Monitor and Restrict DNS Records: Be wary of DNS records that resemble local identifiers (e.g., localhost-like names), as these can be used in the exploitation chain.
• Limit Privileges of Service Accounts: Avoid running critical services under high-privilege (SYSTEM) accounts unless absolutely necessary.
• Network Segmentation: Implement network segmentation and firewall rules to restrict internal SMB/RPC access.

General Information on June 2025 Patch Tuesday

• Total Vulnerabilities: Microsoft addressed 66 security flaws in total.
• Severity Breakdown:
  • 10 Critical severity vulnerabilities
  • 56 Important severity vulnerabilities
• Vulnerability Categories: The updates covered various types of vulnerabilities, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Denial of Service (DoS), Security Feature Bypass, and Spoofing flaws.
• Affected Products: Updates were released for Windows, Office, SharePoint, Visual Studio, and .NET, among others.
• Other Notable Critical Vulnerabilities: Beyond the two zero-days, other critical RCE vulnerabilities were patched in components like Windows Schannel (CVE-2025-29828), Windows Remote Desktop Services (CVE-2025-32710), Microsoft Office (CVE-2025-47162, CVE-2025-47953, CVE-2025-47164), and Windows KDC Proxy Service (KPSSVC) (CVE-2025-33071). These also warrant prompt attention due to their potential for remote code execution.

How to Update Microsoft Software

Updating Microsoft software is a straightforward process that ensures the latest security protections are applied.

For Windows 10/11:

1. Open the Start menu and select Settings.
2. Navigate to Update & Security.
3. Click Windows Update.
4. Select Check for updates and follow the prompts to install available updates.

For Microsoft Office:

1. Open any Office application, such as Word or Excel.
2. Click File, then Account.
3. Under Product Information, click Update Options, then Update Now.

Regularly checking for updates ensures timely protection from known vulnerabilities.

Risks of Ignoring Updates

Failing to apply updates can lead to serious consequences:

• System Instability: Vulnerable software may crash or become unresponsive.
• Security Breaches: Hackers can exploit flaws to access sensitive data.
• Financial Loss: Breached systems can result in fraudulent transactions or identity theft.

Delaying updates increases the risk of falling victim to cyberattacks, especially when vulnerabilities are already known and actively targeted.

Conclusion

Microsoft’s recent update that fixed two serious zero-day vulnerabilities shows how important it is to keep your software up to date. If these flaws aren’t fixed, they could seriously threaten the security of your data and the stability of your system. Users greatly lower their risk of threats by staying informed and quickly applying updates. It is not only a good idea to keep systems up to date; it is also necessary to protect digital spaces. Keeping software up to date is an important part of modern cybersecurity, whether you’re in charge of personal devices or business systems.

Frequently Asked Questions

What are zero-day vulnerabilities?

Zero-day vulnerabilities are security flaws in software that are unknown to the developer at the time of discovery. These flaws are often exploited by attackers before a fix is released, making them particularly dangerous.

What did Microsoft patch in the latest update?

Microsoft’s update addressed two actively exploited zero-day flaws. One allowed remote code execution through malicious scripts, while the other enabled attackers to gain control of affected systems via privilege escalation.

How can users apply the latest Microsoft update?

For Windows users, updates can be installed through the Settings > Update & Security > Windows Update menu. For Office users, updates are available under File > Account > Update Options.

What are the risks of not installing updates?

Unpatched systems are vulnerable to exploitation, which can result in data breaches, unauthorized system access, and financial loss. Skipping updates leaves critical security gaps open to attackers.

How can users stay informed about future Microsoft updates?

Users can subscribe to Microsoft’s security bulletins, follow official blogs, and enable automatic updates. Staying informed through credible technology forums can also help track future patch releases and security advisories.

Join a vibrant community with the sole mission to achieve financial independence.

View more

Reviewed and edited by Albert Fang.

See a typo or want to suggest an edit/revision to the content? Use the contact us form to provide feedback.

At FangWallet, we value editorial integrity and open collaboration in curating quality content for readers to enjoy. Much appreciated for the assist.

---

Did you like our article and find it insightful? We encourage sharing the article link with family and friends to benefit as well - better yet, sharing on social media. Thank you for the support! 🍉

Article Title: Microsoft Update Fixes Two Zero-Day Flaws

https://fangwallet.com/2025/06/21/microsoft-security-update/

---

The FangWallet Promise

FangWallet is an editorially independent resource - founded on breaking down challenging financial concepts for anyone to understand since 2014. While we adhere to editorial integrity, note that this post may contain references to products from our partners.

The FangWallet promise is always to have your best interest in mind and be transparent and honest about the financial picture.

---

---

Become an Insider

Subscribe to get a free daily budget planner printable to help get your money on track!

Make passive money the right way. No spam.

* indicates required

First Name

Email Address *

/* real people should not fill this in and expect good things - do not remove this or risk form bot signups */

---