CVE-2025-33053: a good reason to update Windows

Internet Explorer sends its regards: a vulnerability in the HTTP protocol extension allows attackers to run malicious code — even on a modern operating system.

CVE-2025-33053: RCE in WebDAV

On June 10, as part of its Patch Tuesday, Microsoft fixed, among other problems, CVE-2025-33053 — an RCE vulnerability in Web Distributed Authoring and Versioning (WebDAV, an extension of the HTTP protocol). Microsoft doesn’t categorize it as critical, but three facts suggest it’s worth installing the corresponding patches as soon as possible:

  • CVE-2025-33053 has a fairly high rating on the Common Vulnerability Scoring System scale — 8.8;
  • its exploitation has been detected in the wild;
  • Microsoft decided to patch not only modern Windows, but also a number of outdated, no longer supported versions of its operating system.

What is WebDAV and what is the CVE-2025-33053 vulnerability?

At some point in the distant internet-past, users of the net required a tool that would allow them to collaborate on documents and manage files on remote web servers. In answer, a special working group created DAV — a set of extensions to the HTTP protocol. Support for the new protocol was implemented in the default Windows browser — Microsoft Internet Explorer.

Fast-forward to the beginning of 2023, and Internet Explorer was finally decommissioned, but as we’ve already written, the browser is still very much alive. A number of its mechanisms are still used in third-party applications, as well as in the new Microsoft Edge browser. Therefore, attackers continue to search for vulnerabilities that can be exploited using IE. CVE-2025-33053 is one of them. It allows attackers to execute arbitrary code if the victim clicks on a link to a WebDAV server they control. That is, all that is required of the attackers is to convince the victim to follow the link. The exact operating principle of the exploit for this vulnerability has not yet been publicly disclosed, but according to the Check Point researchers who initially found CVE-2025-33053, exploitation occurs through manipulations with the working directory of a “legitimate Windows tool”.

Who can exploit CVE-2025-33053, and how?

Check Point researchers discovered exploitation of this vulnerability in attacks attributed to the Stealth Falcon APT group — known to be operating in the Middle East. However, it’s obvious that after the publication of the research and the update to the system itself, other cybercriminals will try to reverse engineer the patch and create their own exploits as soon as possible. The ease of exploitation and the prevalence of the vulnerable browser make CVE-2025-33053 an ideal candidate for malware delivery — especially ransomware.

How to stay safe?

Windows operating systems should be updated as soon as possible. Microsoft has released patches even for the outdated Windows Server 2012 and Windows 8 (you can find them in the description of CVE-2025-33053). In addition, we recommend using reliable security solutions on all devices used for internet access — they’re able to detect both attempts to exploit vulnerabilities and the launch of malicious code. It also makes sense to regularly raise employee security awareness (for example, using the Kaspersky Automated Security Awareness Platform), because most modern cyberattacks begin with emails or other messages from attackers — who most often use fairly standard tricks.
