Full Report
CISA adds high-severity flaw to KEV list, urges swift updating
Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited – months after it was patched.…
Analysis Summary
# Active Exploitation of Patched Windows SMB Vuln
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a high-severity flaw in Microsoft's Windows SMB client is being actively exploited, months after it was patched. The bug, tracked as CVE-2025-33073, affects Windows 10, Windows 11 (up to version 24H2), and all supported versions of Windows Server.
## Key Points
- A high-severity flaw in Microsoft's Windows SMB client is being actively exploited.
- The bug was patched during the June 2025 Patch Tuesday rollout.
- CISA has ordered federal civilian agencies to apply the relevant patches or remove affected systems from operation by November 10.
- The exploit combines network accessibility and privilege escalation, making it useful for threat actors.
## Threat Actors
- [No specific attribution available]
- Associated groups/campaigns: not specified
## TTPs
- Network accessibility
- Privilege escalation
- Use of specially crafted malicious scripts to coerce victim machines into connecting back to the attacker's system over SMB and authenticating to it.
## Affected Systems
- Windows 10
- Windows 11 (up to version 24H2)
- All supported versions of Windows Server
## Mitigations
- Apply the relevant patches or remove affected systems from operation.
- Check that June's update has been applied across all endpoints and servers.
- Monitor for unusual outbound SMB traffic and restrict unnecessary exposure of the protocol to untrusted networks.
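
The outbound-SMB monitoring step above, as an added example (not part of the original report): a Python filter over flow records that flags TCP/445 connections to any destination outside an approved file-server list. The log format, the addresses, and the names `APPROVED_SMB_SERVERS` and `INTERNAL_NETS` are assumptions; the sample records are constructed.

```python
import ipaddress

# Constructed sample flow records: "timestamp src dst dport proto".
# The format is an assumption; adapt the parsing to your firewall or NetFlow export.
SAMPLE_FLOWS = """\
2025-10-21T09:14:02Z 10.20.4.17 10.20.0.5 445 tcp
2025-10-21T09:14:09Z 10.20.4.17 203.0.113.40 445 tcp
2025-10-21T09:15:31Z 10.20.4.22 10.20.4.90 445 tcp
2025-10-21T09:16:00Z 10.20.4.22 198.51.100.7 443 tcp
2025-10-21T09:16:44Z 10.20.0.5 10.20.4.17 445 tcp
malformed line
"""

# Hypothetical site policy: the only hosts clients are expected to reach over SMB.
APPROVED_SMB_SERVERS = {ipaddress.ip_address("10.20.0.5")}
# Hypothetical internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]


def classify(dst_ip):
    """Return None for expected SMB destinations, otherwise a reason string."""
    if dst_ip in APPROVED_SMB_SERVERS:
        return None
    if any(dst_ip in net for net in INTERNAL_NETS):
        return "internal-unapproved"  # SMB to a host that is not a file server
    return "external"                 # SMB leaving the internal address space


def unusual_smb(flows_text):
    """Yield (timestamp, src, dst, reason) for SMB flows outside policy."""
    findings = []
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than failing the run
        ts, src, dst, dport, proto = parts
        if proto != "tcp" or dport != "445":
            continue
        try:
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        reason = classify(dst_ip)
        if reason:
            findings.append((ts, src, dst, reason))
    return findings


if __name__ == "__main__":
    for finding in unusual_smb(SAMPLE_FLOWS):
        print(*finding)
```

Flows marked `external` correspond to SMB exposure to untrusted networks; `internal-unapproved` flows are SMB sessions to hosts that are not designated file servers and are worth reviewing against the patch status of the source machine.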
## Conclusion
CISA urges organizations to patch immediately, citing evidence of active exploitation. Security teams should prioritize applying the relevant patches and monitoring for unusual SMB activity to prevent potential attacks.