Zero-Day Vulnerabilities Expose Millions of Windows PCs—Update Now, Experts Warn

Microsoft has acted swiftly following the discovery of two critical zero-day vulnerabilities in the Windows operating system. In its June security update, the company has addressed these flaws along with a total of 66 security vulnerabilities. However, cybersecurity experts have confirmed that at least one of the zero-day vulnerabilities has already been exploited by hackers, raising serious concerns across the global cybersecurity community.

Zero-day vulnerabilities refer to security flaws that are exploited by cybercriminals before software developers become aware of them, making them especially dangerous. The two vulnerabilities identified this time were found in:

• Web Distributed Authoring and Versioning (WebDAV) service, and

• Server Message Block (SMB) client technology

These flaws could allow attackers to gain remote access and control over targeted computers.

The vulnerabilities have been officially listed in the international cybersecurity database as:

• CVE-2025-33053

• CVE-2025-33073

According to cybersecurity firm Check Point Research, the first of these vulnerabilities was used in a cyberattack on a Turkish defense organization in March 2025. Upon receiving this intelligence, Microsoft verified the threat and released a security patch on 10 June to mitigate the issue.

The June patch addressed not only these two zero-days but also:

• 25 Remote Code Execution (RCE) vulnerabilities

• 13 Privilege Escalation flaws

• 17 Information Disclosure vulnerabilities

• 6 Denial-of-Service (DoS) risks

• 3 Security Bypass weaknesses

• 2 Spoofing-related flaws

Cybersecurity analysts warn that any one of these flaws, if exploited, could allow hackers to take control of entire systems, steal sensitive data, or bypass identity and access controls.

Experts strongly recommend immediate installation of the latest June security update, especially for government and military systems, where such vulnerabilities pose a significant national security risk.

Cybersecurity specialist Mehedi Hasan stated:

“A zero-day flaw is like giving hackers a master key to the system—often before the owner even knows a door exists. A single moment’s delay could lead to catastrophic damage.”

PNN advises all Windows users—individuals, institutions, and organizations—to prioritize this critical update without delay to safeguard their systems and data.

Photo: Collected