
"Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited - months after it was patched. The bug, tracked as CVE-2025-33073, was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on October 20, confirming that real-world attackers are using the vulnerability in ongoing campaigns. The flaw, rated 8.8 on the CVSS scale, affects Windows 10, Windows 11 (up to version 24H2), and all supported versions of Windows Server."
"Microsoft initially fixed the bug during its June 2025 Patch Tuesday rollout, warning that an attacker could exploit it by convincing a victim machine to connect to a malicious SMB server, potentially allowing privilege escalation or lateral movement inside a network. 'The attacker could convince a victim to connect to an attacker-controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol,' Redmond explained at the time."
CVE-2025-33073 is a high-severity vulnerability in the Windows SMB client with a CVSS score of 8.8. The bug affects Windows 10, Windows 11 up to version 24H2, and all supported Windows Server releases. Microsoft released a patch in its June 2025 Patch Tuesday rollout that addressed an attack vector in which an attacker coerces a victim machine into connecting and authenticating to a malicious SMB server, enabling privilege escalation and lateral movement. CISA added the flaw to its Known Exploited Vulnerabilities catalogue on October 20 and, under BOD 22-01, ordered federal agencies to patch or remove affected systems by November 10. CISA urged all organizations to patch immediately.
Read at Theregister