The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a high-severity Windows Server Message Block (SMB) vulnerability is now being actively exploited. Tracked as CVE-2025-33073, this flaw enables authenticated attackers to escalate their privileges to SYSTEM level on affected systems. The vulnerability impacts a wide range of Windows versions, including Windows 10, 11, and various Windows Server releases.
Microsoft addressed the issue in its June 2025 Patch Tuesday, attributing the flaw to an improper access control weakness. Exploitation requires tricking a victim into connecting to a malicious SMB server, which then compromises the protocol to achieve privilege elevation. Although details were publicly known before the patch, this is the first official confirmation of in-the-wild attacks.
CISA has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply patches by November 10. While the directive is for federal bodies, CISA strongly advises all organizations to prioritize this update. The agency warns that such vulnerabilities are common attack vectors and pose a substantial risk to network security.
