Patchday: Attackers attack Windows via Internet Explorer components

Important security updates have been released for Office and Visual Studio, among others. Windows is already being targeted by attackers.


To prevent current attacks on various Windows and Windows Server versions, admins must ensure that Windows Update is enabled and the latest patches are installed. There are also security updates for other Microsoft products.

According to a warning message from Microsoft, attackers are currently exploiting a Windows vulnerability (CVE-2025-33053 / EUVD-2025-17721, CVSS 8.8, risk "high"). They use it to push malicious code onto systems and compromise them. The vulnerability affects various components of the now discontinued Internet Explorer 11, including EdgeHTML and MSHTML. WebView, for example, uses the EdgeHTML platform. However, the components are also used by other legacy applications.

For attacks to be successful, however, victims must click on a prepared link. If attackers succeed in getting a victim to do this, they can execute malicious code. According to Microsoft, all Windows and Windows Server versions currently in support are impacted, as well as editions that are no longer supported, such as Windows Server 2008. These editions are apparently still receiving security patches due to the dangerous nature of the vulnerability.

It is currently unclear to what extent the attacks are taking place and how admins can recognize systems that have already been attacked.

A vulnerability in Windows SMB (CVE-2025-33073 / EUVD-2025-17737, CVSS 8.8, risk "high") is publicly known and attacks may be imminent. Due to inadequate access controls, attackers can gain higher user rights in this context. Microsoft classifies several vulnerabilities (such as CVE-2025-47162 / EUVD-2025-17768, CVSS 8.4, risk "high") in Office and SharePoint Server, among others, as critical. These flaws allow malicious code to reach PCs. The entry point for the Office vulnerabilities is the preview function. The security updates for Microsoft 365 are to follow.


In the Security Update Guide, Microsoft lists further information on all vulnerabilities closed on this June Patchday and on the affected Windows editions.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.