
CISA warns of active exploitation of Windows SMB privilege escalation flaw

Take action: Active hacking is the first great reason to patch your Windows OS. Hackers don't care that patching is a hassle. They will find a way to exploit the flaws you haven't fixed.



CISA has issued an alert warning that hackers are actively exploiting a high-severity privilege escalation vulnerability in Windows Server Message Block (SMB) that enables attackers to gain SYSTEM-level privileges on unpatched systems.

The vulnerability, tracked as CVE-2025-33073 (CVSS score 8.8), impacts all versions of Windows Server and Windows 10, as well as Windows 11 systems up to and including Windows 11 24H2. Microsoft patched this vulnerability during its June 2025 Patch Tuesday.

An attacker could convince a victim to connect to a malicious application server controlled by the attacker, such as an SMB server. After establishing this connection, the malicious server could compromise the protocol.

CISA is mandating that Federal Civilian Executive Branch (FCEB) agencies secure their systems by November 10, 2025, in accordance with Binding Operational Directive (BOD) 22-01.

Organizations should immediately apply the June 2025 security updates from Microsoft to all affected Windows systems. 
