CISA warns high-severity Windows SMB flaw now exploited in attacks, so update now


  • CVE-2025-33073 sees Windows users face an SMB vulnerability
  • Microsoft issued a fix in June 2025 – make sure you’re up to date
  • Google’s researchers were among those who discovered it

Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB.

The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list on October 20.

Thankfully, Microsoft has already issued a fix for this, so anybody who applied June 2025’s Patch Tuesday update should be safe, but those who haven’t should act promptly.

CISA says this Microsoft vulnerability has been exploited

The bug comes from improper access controls in SMB (Server Message Block), which allows users and applications to access files or folders on remote systems as if they were local. For example, files and printers can be shared between computers.

“An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate,” CISA wrote.

Successful attacks could grant system-level privileges.

Microsoft has not commented on the news of exploitation; however, the company did already fix the issue, so it’s on users to ensure that they’re updated.


Besides installing all updates – not just the June patch – to maintain maximum protection against bugs and vulnerabilities, users can monitor for unusual outbound SMB traffic in this instance.

Restricting SMB exposure to just trusted networks would also minimize potential leaks.
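
As an added illustration of the monitoring advice above (this is not code from the article, Microsoft, CISA or Vicarius), the Python sketch below flags hosts that open SMB connections to addresses outside an allow-list of trusted networks. The trusted ranges, the six-field log format, and the host names and addresses are all constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: networks where SMB traffic is expected (file servers, domain controllers).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "192.168.50.0/24")]
SMB_PORTS = {445, 139}  # SMB over TCP and NetBIOS session service

# Constructed sample flow records (not real telemetry):
# time,host,src_ip,dst_ip,dst_port,proto
SAMPLE_FLOWS = """\
2025-10-21T09:14:02Z,WS-014,10.20.3.14,10.20.1.5,445,tcp
2025-10-21T09:14:40Z,WS-014,10.20.3.14,203.0.113.77,445,tcp
2025-10-21T09:15:11Z,SRV-02,10.20.1.9,198.51.100.23,445,tcp
2025-10-21T09:15:12Z,SRV-02,10.20.1.9,198.51.100.23,443,tcp
2025-10-21T09:16:30Z,WS-031,10.20.3.31,192.168.50.10,139,tcp
2025-10-21T09:17:05Z,WS-014,10.20.3.14,203.0.113.77,445,tcp
"""

def is_trusted(ip):
    """True if ip falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in TRUSTED_NETS)

def find_untrusted_smb(flow_text):
    """Return {host: sorted untrusted SMB destinations} for the given flow log."""
    hits = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        _ts, host, _src, dst, port, proto = (f.strip() for f in row)
        try:
            if proto.lower() == "tcp" and int(port) in SMB_PORTS and not is_trusted(dst):
                hits[host].add(dst)
        except ValueError:
            continue  # unparsable port or address
    return {h: sorted(d) for h, d in hits.items()}

if __name__ == "__main__":
    for host, dsts in find_untrusted_smb(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: outbound SMB to untrusted {', '.join(dsts)}")
```

The same allow-list can drive an egress firewall rule, so that SMB to anything outside the trusted ranges is blocked as well as reported.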

Microsoft credited researchers from CrowdStrike, Google’s Project Zero and more for bringing the issue to light.

Cybersecurity company Vicarius has published a detection script to identify whether a user’s Windows version is affected by the CVE, if SMB signing is enabled, and to detail a fix.



With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
