Windows SMB Privilege Escalation Vulnerability Actively Exploited

A high-severity vulnerability in Windows SMB (Server Message Block) is being actively exploited by threat actors, allowing them to gain SYSTEM privileges on unpatched systems. Tracked as CVE-2025-33073, the flaw affects all versions of Windows Server and Windows 10, as well as Windows 11 systems up to Windows 11 24H2.

Microsoft patched the vulnerability in its June 2025 Patch Tuesday release and disclosed that it stems from an improper access control weakness. To exploit it, an attacker executes a specially crafted malicious script that gets the victim's machine to connect back to an attacker-controlled server over SMB and authenticate, resulting in privilege elevation.

CISA has added the flaw to its Known Exploited Vulnerabilities Catalog, urging Federal Civilian Executive Branch agencies to secure their systems by November 10. The agency has not disclosed further details about the ongoing attacks, but it cautions that vulnerabilities of this type are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Organizations should patch this vulnerability as soon as possible to prevent exploitation.

Source: https://www.bleepingcomputer.com/news/security/cisa-high-severity-windows-smb-flaw-now-exploited-in-attacks