Microsoft warns of 66 flaws to fix for this Patch Tuesday, and two are under active attack

Patch Tuesday It's Patch Tuesday time again, and Microsoft is warning that there are a bunch of critical fixes to sort out - and two actively exploited bugs.

Redmond reported 66 flaws to be fixed in its monthly patch bundle, including one that was a zero-day until 1000 Pacific Time today. There are ten critical patches, but two of the important ones are under active exploitation, and Microsoft has taken the unusual step of issuing patches for one bug all the way back to out-of-support platforms like Windows Server 2008 and the three-years-dead Internet Explorer's underlying components.

The hole, CVE-2025-33053, has been exploited since March by the Stealth Falcon hacking crew, who have been active for over 10 years and have made a name for themselves exploiting zero-days in targeted attacks across the Middle East. The vulnerability is in the Web Distributed Authoring and Versioning (WebDAV) remote file sharing ...