Threat actors are actively exploiting CVE-2025-33073, a Windows SMB privilege escalation vulnerability, to gain SYSTEM privileges on unpatched systems. Microsoft has patched the flaw, but exploitation continues, prompting urgent system updates for organizations.
Key points
- The vulnerability affects all versions of Windows Server, Windows 10, and Windows 11 up to 24H2.
- Exploitation involves convincing victims to connect to malicious SMB applications to escalate privileges.
- Microsoft released a patch in June 2025, but the flaw is still actively exploited by attackers.
- Multiple security researchers, including those from CrowdStrike and Google Project Zero, contributed to discovering the flaw.
- CISA has added the vulnerability to its Exploited Vulnerabilities Catalog, requiring federal agencies to patch by November 10.