Microsoft has just fixed a security flaw discovered in the Windows code. The vulnerability is located in WebDAV, a Microsoft protocol used to modify and manage files remotely over the Internet. It allows an attacker to take control of a vulnerable computer remotely. All the victim has to do is click on a specially crafted malicious link to activate the vulnerability. Once triggered, the cyberattack is invisible to the computer's owner. The attacker can then suck up all the data from the machine without being detected.
A flaw exploited by Stealth Falcon cybercriminals
According to research conducted by Check Point, the flaw was actively exploited by Stealth Falcon hackers, also known as FruityArmor. Emerging in 2012, the criminal gang specializes in cyberespionage. Funded by the United Arab Emirates, it is believed to be part of a secret surveillance program called Project Raven, run from Abu Dhabi. The group is tasked with monitoring and spying on political dissidents, journalists, and human rights defenders who criticize the Emirati regime. Check Point experts discovered that Stealth Falcon used the vulnerability to conduct espionage operations against journalists. To trap their targets, the hackers used a booby-trapped WebDAV URL. Once the target clicks on this link, hackers can execute "files hosted on a WebDAV server" on the computer.
The cyberattack relies on Horus, a spy implant customized by Stealth Falcon. Once on the computer, it can record everything typed on the keyboard, take screenshots, access files, install other invisible software, and communicate with the control server in a stealthy manner. According to Check Point, Stealth Falcon "continuously evolves to become even more effective" by deploying "significant efforts to improve the stealth and resilience" of their tools.
Microsoft patches 66 Windows vulnerabilities
Alerted by Check Point, Microsoft was quick to patch the breach. The publisher included a fix in the latest Patch Tuesday, deployed on June 10, 2025. In the same release, the American group corrected 65 other vulnerabilities scattered throughout the operating system code.
This includes a critical flaw that was publicly disclosed before the patch was available. It is located in SMB (Server Message Block), a protocol used by Windows to share files, printers, or folders over a network. If exploited, it allows an attacker to gain system privileges on the machine. Although Microsoft has not detected any active exploitation at this time, the vulnerability is public. Any hacker could try to leverage the flaw to launch an offensive.
As Tenable tells us, Microsoft has already patched a huge number of vulnerabilities in Windows code this year. In fact, the number of flaws "patched in 2025 already brings us close to half of last year's total of 1,009." To protect yourself from attacks, it's recommended that you install the security update without delay. To do this, open your Windows PC's Settings, go to Update & Security, and then click Check for updates. If an update is available, it will be downloaded and installed automatically on your computer.
Source: Check Point
