Microsoft Fixes 66 Vulnerabilities, Including Two Actively Exploited Flaws


In the monthly Patch Tuesday, Microsoft resolves 66 vulnerabilities.

Microsoft has released its monthly Patch Tuesday update, with patches for 66 security vulnerabilities. These include two vulnerabilities that are already being actively exploited, and ten critical flaws that need to be patched as soon as possible.

Zero-day in WebDAV

One of the most urgent vulnerabilities is CVE-2025-33053, which has been exploited since March by the hacker collective Stealth Falcon in attacks in the Middle East. It’s a flaw in the WebDAV extension, allowing attackers to remotely execute code via a link. Microsoft is even releasing patches for outdated systems such as Windows Server 2008 and Internet Explorer.

CVE-2025-5419, a memory error in the V8 JavaScript engine of Chromium (and thus also Edge), is also being actively exploited. Google already patched this vulnerability, and Microsoft is now including it in its own update package.

Other Priority Patches

Another important patch is for CVE-2025-33073, a vulnerability in the Windows SMB client protocol. Proof-of-concept code is already available for this, but there are no reports of active attacks yet.

Additionally, Microsoft addresses four critical vulnerabilities in Office, including three bugs that can be exploited via the Preview window. Other patches focus on SharePoint, Schannel, Remote Desktop Gateway, and the KDC Proxy Service.

Adobe and Other Updates

Adobe Commerce tops Adobe's priority list this month, writes The Register. Updates are available for versions up to 2.4.8. Furthermore, Adobe is releasing major updates for Experience Manager (with 254 CVEs), Acrobat (10 vulnerabilities), InDesign (9), and other products.

Fortinet and SAP are also addressing important vulnerabilities in their platforms. The advice remains the same as always: install the updates as soon as possible.