Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

June 2025 Patch Tuesday: Exploited WebDAV Flaw & Office Risks

Fortra
05/12/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


and I'm here to talk to you about this month's Patch Tuesday. There's not a lot I'm going to talk about, there's just two things I want to touch on, so we'll just jump right into those. The first thing I want to talk to you about is CVE-2025-33053. This is the one CVE that Microsoft listed as exploit detected. There's a great blog post out there from Checkpoint if you want to check it out, with all the details on this vulnerability, but essentially what it is, is a .URL shortcut file that links to a WebDAV server and allows for code execution. So take a look at the blog post, make sure you're updated for this one, because it is seeing active exploitation. The other thing I want to touch on is the four Office updates, specifically Microsoft Office 365, that are all preview pane affected. I'm not going to list the CVEs, because there are a bunch of them, but they're all the Office ones. Whenever you see preview pane affected, that means that when you receive an email, if your preview is turned on, the exploit has a chance to run immediately without any interaction from you. One of the big things here is that the Microsoft 365 Office client specifically does not have updates available yet. So we'll have to wait for Microsoft to release those. Thankfully, there are no exploits at the moment for these, so the risk is relatively low, but something to keep in mind and keep an eye out for those updates when they do get released in the future. Once again, I'm Tyler Reguli, and this has been your June Patch Tuesday update. Thank you. Microsoft Mechanics www.microsoft.com

TL;DR

  • CVE-2025-33053 is actively exploited in the wild, involving malicious .URL shortcut files that link to WebDAV servers to achieve code execution—immediate patching is critical.
  • Four Microsoft Office 365 vulnerabilities are preview pane-affected, meaning exploits could trigger automatically when emails are opened without any user interaction required.
  • Microsoft 365 Office client patches are not yet available for the preview pane vulnerabilities, though no active exploits currently exist, creating a window of exposure to monitor.

Summary

Tyler Reguly, Associate Director of Security R&D at Fortra, provides a focused analysis of June 2025's Microsoft Patch Tuesday, highlighting two critical areas requiring immediate attention from security teams. The briefing covers an actively exploited vulnerability involving .URL shortcut files and WebDAV servers (CVE-2025-33053), which has been documented by Checkpoint researchers and requires urgent patching. Additionally, Reguly addresses four Microsoft Office 365 vulnerabilities that are preview pane-affected, meaning they could execute without user interaction when emails are opened. Notably, patches for the Microsoft 365 Office client are not yet available, creating a temporary exposure window that defenders should monitor. This concise update helps security practitioners prioritize their patching efforts for the month and understand the specific risks associated with each vulnerability class.

Chapters

0:00 - Introduction
0:13 - CVE-2025-33053 Actively Exploited
0:45 - Office 365 Preview Pane Vulnerabilities
1:34 - Closing

Key Quotes

0:18 "This is the one CVE that Microsoft listed as exploit detected."
0:30 "... a .URL shortcut file that links to a WebDAV server and allows for code execution."
1:06 "... if your preview is turned on, the exploit has a chance to run immediately without any interaction from you."

Categories:
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Vulnerability Management
  • Threat Intelligence
  • Email Security
  • Technical Deep Dive
  • Patch Tuesday
  • Microsoft Security Updates
  • CVE-2025-33053
  • WebDAV Exploitation
  • Office 365 Vulnerabilities
  • Preview Pane Attacks
  • Zero-Day Threats
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: June 2025 Patch Tuesday: Exploited WebDAV Flaw & Office Risks

              Upcoming Webinar Calendar

              • 06/30/2026
                01:00 PM
                06/30/2026
                Master Active Directory Certificate Services and Maintain Your Edge
                https://www.truthinit.com/index.php/channel/2018/master-active-directory-certificate-services-and-maintain-your-edge/
              • 07/01/2026
                04:00 AM
                07/01/2026
                Integrating Security in AI: Automated Red Teaming Strategies for Private Models
                https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
              • 07/01/2026
                04:00 AM
                07/01/2026
                Schutz von KI in Anwendungen, Agenten und APIs.
                https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
              • 07/01/2026
                01:00 PM
                07/01/2026
                How to Prevent Your AI from Outsmarting You
                https://www.truthinit.com/index.php/channel/2021/how-to-prevent-your-ai-from-outsmarting-you/
              • 07/02/2026
                10:00 AM
                07/02/2026
                Resilience Insights from Hybrid Threats in a Dark Cloud Environment
                https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-in-a-dark-cloud-environment/
              • 07/08/2026
                02:00 PM
                07/08/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Maximum Defense Effectiveness
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-maximum-defense-effectiveness/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies from the DPDP Webinar
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-from-the-dpdp-webinar/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Get Prepared to Thrive as an Agent in Just 30 Days
                https://www.truthinit.com/index.php/channel/2036/get-prepared-to-thrive-as-an-agent-in-just-30-days/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jun
                30

                Master Active Directory Certificate Services and Maintain Your Edge

                06/30/202601:00 PM ET
                • Jul
                  01

                  Schutz von KI in Anwendungen, Agenten und APIs.

                  07/01/202604:00 AM ET
                  • Jul
                    01

                    Integrating Security in AI: Automated Red Teaming Strategies for Private Models

                    07/01/202604:00 AM ET
                    • Jul
                      01

                      How to Prevent Your AI from Outsmarting You

                      07/01/202601:00 PM ET
                      • Jul
                        02

                        Resilience Insights from Hybrid Threats in a Dark Cloud Environment

                        07/02/202610:00 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version