Microsoft Patches Zero-Day Exploited by Emirati Hackers

Check Point: 'Stealth Falcon' Exploited WebDAV Flaw Akshaya Asokan (asokan_akshaya) • June 11, 2025

Microsoft patched a zero-day vulnerability in its web application framework exploited by an Emirati threat group as part of an espionage campaign in the Middle East and Africa.

See Also: Securing Your Workforce with Datto RMM: Automating Patching, Hardening, and Backups

The flaw, tracked as CVE-2025-33053, is a remote code execution vulnerability in Web Distributed Authoring and Versioning, or WebDAV. The feature is a hypertext transfer protocol extension that enables users to manage files on remote web servers.

The company patched the flaw Tuesday as part of its monthly dump of vulnerability fixes. Cybersecurity firm Check Point uncovered a hacking campaign by Stealth Falcon, a nation-state group known for cyberespionage, using the zero-day to deploy malware including keyloggers, passive backdoors, and a credential dumper. The ...