Situation
On June 10th, Microsoft addressed a zero-day vulnerability — CVE-2025-33053, a Remote Code Execution (RCE) flaw in the WebDAV component of Windows. Researchers at Check Point reported that the APT group Stealth Falcon had actively exploited this flaw in targeted attacks.
Technical Details:
- Attackers used malicious .url files that leveraged iediagcmd.exe (a signed Windows executable) to sideload malicious DLLs via trusted locations.
- This chain led to the deployment of Horus Agent, a backdoor with advanced evasion and persistence tactics.
- The vulnerability affects systems where WebDAV is enabled, especially those that interact with remote content or shared locations.
Impact & Recommendations:
- Already exploited in the wild
- Patch released via June Patch Tuesday – urgently apply all updates
- Disable WebDAV where not required
- Monitor event logs and audit execution from signed binaries in unusual directories.
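The last recommendation can be turned into a simple triage rule. The following is an added example (not from the advisory or from Check Point's report) that scans constructed process-creation records, modelled on Sysmon Event ID 1 fields, and flags signed binaries that run from outside trusted directories or with a WebDAV working directory or command line; the host names, IP address and paths in the sample data are made up.

```python
import re

# Constructed sample records (Sysmon Event ID 1 style). The IP, hosts and
# paths are invented for this example and are not indicators from the report.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe notes.txt",
     "CurrentDirectory": r"C:\Users\alice\Documents", "Signed": True},
    # Signed binary launched with a WebDAV share as its working directory
    {"Image": r"C:\Program Files\Internet Explorer\iediagcmd.exe", "CommandLine": "iediagcmd.exe",
     "CurrentDirectory": r"\\192.0.2.10@80\DavWWWRoot\share", "Signed": True},
    # Signed binary copied to and run from a user-writable directory
    {"Image": r"C:\Users\Public\iediagcmd.exe", "CommandLine": "iediagcmd.exe",
     "CurrentDirectory": r"C:\Users\Public", "Signed": True},
]

# UNC forms produced by the Windows WebClient (WebDAV mini-redirector):
# \\host@80\..., \\host@SSL@443\..., \\host\DavWWWRoot\...
WEBDAV_RE = re.compile(r"\\\\[^\\]+(@SSL)?@\d+\\|\\DavWWWRoot\\", re.IGNORECASE)

# Directories from which Microsoft-signed binaries are normally executed.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def is_webdav_path(value: str) -> bool:
    """True if the string contains a WebDAV-style UNC path."""
    return bool(WEBDAV_RE.search(value))


def in_trusted_dir(image: str) -> bool:
    """True if the executable lives under a standard Windows install location."""
    return image.lower().startswith(TRUSTED_DIRS)


def analyze(events):
    """Return (image, reasons) for each signed-binary execution worth a closer look."""
    findings = []
    for ev in events:
        if not ev.get("Signed"):
            continue  # this rule set is about abuse of trusted, signed binaries
        reasons = []
        if not in_trusted_dir(ev["Image"]):
            reasons.append("signed binary outside trusted directory")
        if is_webdav_path(ev["CurrentDirectory"]) or is_webdav_path(ev["CommandLine"]):
            reasons.append("WebDAV path in working directory or command line")
        if reasons:
            findings.append((ev["Image"], reasons))
    return findings


if __name__ == "__main__":
    for image, reasons in analyze(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(reasons)}")
```

Feed it real Sysmon or Security 4688 exports (with command-line auditing enabled) and extend TRUSTED_DIRS to match your baseline; the WebDAV check is only meaningful on hosts where the WebClient service is still enabled.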