Microsoft has issued a critical security warning for its Windows and Office users, with the Indian Computer Emergency Response Team (CERT-In) echoing the alert in a high-severity advisory dated June 12, 2025.
The vulnerability in question—CVE-2025-33053—affects the Web Distributed Authoring and Versioning (WebDAV) server and stems from improper validation of file names or paths. CERT-In warns that attackers can exploit this flaw by tricking users into opening maliciously crafted files, enabling remote code execution on a compromised WebDAV server. Notably, the vulnerability is already being actively exploited in the wild.
According to CERT-In, the following Microsoft products are at risk:
- Microsoft Windows
- Microsoft Office
- Azure
- Developer Tools
- Extended Security Updates (ESU) for legThe advisory highlights the potential for attackers to extract sensitive data, including passwords and financial information, and warns of increased ransomware threats targeting businesses.
- Microsoft has acknowledged the issue and released patches to address the vulnerability. Users are strongly advised to:
- Enable automatic updates
- Install the latest security patches
- Reboot their systems to apply changes
Microsoft claims to have figured out the issues and found a way to fix these loopholes that can make it easy for hackers to target systems. We suggest you go to settings, enable auto-update Windows and reboot the system to have the new version installed to keep your PC safe.
