Hackers are actively exploiting Windows SMB component vulnerability, which enables them to gain SYSTEM privileges over a network. The flaw affects all unpatched Windows systems. Microsoft released an update in June, 2025.
The US cybersecurity agency CISA has added Microsoft Windows SMB client improper access control vulnerability (CVE-2025-33073) to its Known Exploited Vulnerabilities (KEV) catalog.
This means that the flaw has become a frequent attack vector for cyberthreat actors and poses a significant risk. CISA updates its catalog based on evidence of active exploitation.
SMB (Server Message Block) communication protocol is a core part of how millions of Windows computers share files, data, and printers across networks. It powers network data storage and supports many other everyday workplace functions.
An exploit of this protocol can be devastating.
With a severity rating of 8.8 out of 10, the SMB flaw was publicly disclosed in June, and Microsoft warned that an attacker who successfully exploited the vulnerability could gain SYSTEM privileges.
This leads to unauthorized access to sensitive information, system modifications, and complete system compromise. Proof of concept code have been available on GitHub for a while now.
“The attacker could convince a victim to connect to an attacker controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol,” Microsoft previously explained.
Curious what others think about this story? Contribute your thoughts to the debate below.
To elevate privileges, attacks would need to execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
Cybersecurity firms have previously warned about the active exploitation of this flaw. The hackers only need to have domain access, and the exploitation is trivial.
For example, Synacktiv researchers said that the bug allows an authenticated remote attacker to execute arbitrary commands as SYSTEM on any machine which does not enforce SMB signing.
“It is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing,” the researchers said.
RedTeam Pentesting researchers independently reproduced this vulnerability on Windows 10, 11 as well as Server 2019 through 2025.
The Cybersecurity and Infrastructure Security Agency (CISA) directed federal agencies to immediately update their systems, setting November 10th as the deadline.
Your email address will not be published. Required fields are markedmarked