Act Fast! SMB Vulnerability Lets Attackers Gain SYSTEM-Level Access

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a high-severity privilege escalation vulnerability in Windows Server Message Block (SMB) that is now being actively exploited in the wild. This vulnerability, tracked as CVE-2025-33073, could allow attackers to gain SYSTEM privileges on vulnerable systems, making it critical to apply the necessary patches.

CVE-2025-33073 is a high-severity vulnerability affecting all versions of Windows Server and Windows 10, as well as Windows 11 systems up to version 24H2. The root cause of this vulnerability lies in an improper access control weakness within the SMB protocol, which allows a malicious actor to elevate their privileges over a network.

Microsoft addressed this vulnerability as part of their June 2025 Patch Tuesday release. According to their advisory, an attacker could exploit this flaw by convincing a victim to connect to a malicious SMB server. Upon connection, the attacker-controlled server could compromise the protocol, potentially leading to privilege escalation.

The attack scenario involves an attacker executing a specially crafted malicious script to coerce the victim machine to connect back to the attacker’s system using SMB and authenticate. Successful exploitation could result in the attacker gaining elevated privileges, potentially taking full control of the compromised system.

This vulnerability impacts a broad range of Microsoft operating systems, including:

• Windows Server
• Windows 10
• Windows 11 (up to version 24H2)

CISA has added this flaw to its Known Exploited Vulnerabilities Catalog, highlighting the urgency for remediation. Federal Civilian Executive Branch (FCEB) agencies have been given a deadline of November 10, 2025, to secure their systems, as mandated by Binding Operational Directive (BOD) 22-01.

While BOD 22-01 specifically targets federal agencies, CISA strongly encourages all organizations, including those in the private sector, to prioritize patching this actively exploited vulnerability as soon as possible. The agency emphasizes that these types of vulnerabilities are frequently used as attack vectors by malicious cyber actors and pose significant risks.

The exploitation of CVE-2025-33073 aligns with several tactics, techniques, and procedures (TTPs) commonly employed by attackers, as defined by the MITRE ATT&CK framework:

• TA0004 – Privilege Escalation: Attackers exploit the vulnerability to gain higher-level permissions on the system, potentially achieving SYSTEM level access.
• TA0001 – Initial Access: An attacker might use social engineering or other methods to trick a user into connecting to a malicious SMB server, thus gaining initial access to the system.
• T1068 – Exploitation for Privilege Escalation: This involves leveraging the vulnerability to escalate privileges.
• T1210 – Exploitation of Remote Services: Attackers exploit vulnerabilities in remotely accessible services like SMB to gain unauthorized access or escalate privileges.

The primary mitigation step is to apply the security updates released by Microsoft as part of the June 2025 Patch Tuesday. Organizations should prioritize patching all affected systems, including Windows Server, Windows 10, and Windows 11 installations. Given that this vulnerability is actively being exploited, it is crucial to implement this patch as quickly as possible.

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.