TechRadar
Craig Hale

CISA warns high-severity Windows SMB flaw now exploited in attacks, so update now

  • CVE-2025-33073 sees Windows users face an SMB vulnerability
  • Microsoft issued a fix in June 2025 – make sure you’re up to date
  • Google’s researchers were among those who discovered it

Microsoft has acknowledged older versions of Windows 10, Windows 11 and Windows Server could be exploited due to a vulnerability related to SMB.

The vulnerability, tracked as CVE-2025-33073 with a score of 8.8, was added to America’s Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) list on October 20.

Thankfully, Microsoft has already issued a fix for this, so anybody who applied June 2025’s Patch Tuesday update should be safe, but those who haven’t should act promptly.

CISA says this Microsoft vulnerability has been exploited

The bug comes from improper access controls in SMB (Server Message Block), which allows users and applications to access files or folders on remote systems as if they were local. For example, files and printers can be shared between computers.

“An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate,” CISA wrote.

Successful attacks could grant system-level privileges.

Microsoft has not commented on the news of exploitation; however, the company did already fix the issue, so it’s on users to ensure that they’re updated.

Besides installing all updates – not just the June patch – to maintain maximum protection against bugs and vulnerabilities, users can monitor for unusual outbound SMB traffic in this instance.

Restricting SMB exposure to just trusted networks would also minimize potential leaks.
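
As an added illustration of the two mitigations above (monitoring outbound SMB and limiting it to trusted networks), the following Python sketch flags SMB connections to destinations outside an allowlist. It is not from TechRadar, CISA or Microsoft; the log format, the addresses and the trusted ranges are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the only networks where SMB is expected (e.g. file servers).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "10.10.5.0/24")]
SMB_PORTS = {445, 139}  # SMB over TCP and the NetBIOS session service

# Constructed sample flow records: time, source, destination, dest port, protocol.
SAMPLE_FLOWS = """\
2025-10-21T09:00:01Z 10.10.20.15 10.10.0.8 445 tcp
2025-10-21T09:00:07Z 10.10.20.15 203.0.113.40 445 tcp
2025-10-21T09:01:12Z 10.10.20.31 10.10.5.12 445 tcp
2025-10-21T09:02:30Z 10.10.20.31 10.10.20.77 445 tcp
2025-10-21T09:02:41Z 10.10.20.15 198.51.100.9 443 tcp
2025-10-21T09:03:05Z 10.10.20.44 not-an-ip 445 tcp
"""

def is_trusted(addr):
    """True if the address falls inside any allowlisted SMB network."""
    return any(addr in net for net in TRUSTED_NETS)

def unusual_smb(flow_text):
    """Return {source: sorted untrusted SMB destinations} for review."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, port, proto = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        # Internal hosts outside the allowlist are flagged too: the system a
        # machine is coerced into authenticating to may sit on the same LAN.
        if proto == "tcp" and port in SMB_PORTS and not is_trusted(dst_ip):
            hits[src].add(str(dst_ip))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, dsts in unusual_smb(SAMPLE_FLOWS).items():
        print(f"{src} opened SMB sessions to untrusted hosts: {', '.join(dsts)}")
```

The same allowlist can drive an egress firewall rule, so that what the script reports as unusual is also what the network refuses to carry.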

Microsoft credited researchers from CrowdStrike, Google’s Project Zero and more for bringing the issue to light.

Cybersecurity company Vicarius has published a detection script to identify whether a user’s Windows version is affected by the CVE, if SMB signing is enabled, and to detail a fix.
