Feds flag active exploitation of patched Windows SMB vuln
theregister.co.uk

Uncle Sam's cyber wardens have warned that a high-severity flaw in Microsoft's Windows SMB client is now being actively exploited, months after it was patched.
The bug, tracked as CVE-2025-33073, was added to CISA's Known Exploited Vulnerabilities (KEV) catalogue on October 20. A KEV listing means CISA has evidence of in-the-wild exploitation and, under BOD 22-01, obliges federal civilian agencies to remediate by a fixed deadline. The flaw, rated 8.8 on the CVSS scale, affects Windows 10, Windows 11 (up to version 24H2), and all supported versions of Windows Server.
Microsoft fixed the bug in its June 2025 Patch Tuesday release, warning that an attacker could exploit it by convincing a victim machine to connect to a malicious SMB server, potentially gaining elevated privileges on the victim or using it for lateral movement inside a network. Hosts that have not taken a cumulative update since June 2025 remain exposed.
"The attacker could convince a victim to connect to an attacker-controlled malicious application (for example, SMB) server. Upon connecting, the malicious server could compromise the protocol," Redmond explained ...
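The attack path above starts with the victim's own SMB client reaching out to a server the attacker controls, so the two things a defender wants to know on a given host are whether the June 2025 fix is on it and where its SMB client is currently connected. The PowerShell below is an added triage example, not code from The Register or from Microsoft's advisory. It assumes the June 2025 Patch Tuesday date was 2025-06-10; because the article names no KB number, the date check is only a coarse screen, and the `$KnownServers` addresses are placeholders you must replace with your real file servers and domain controllers.

```powershell
# Added example (not from the article): host-side triage for CVE-2025-33073.
#   1. Has any security update dated on/after the June 2025 Patch Tuesday been installed?
#   2. Which outbound SMB (TCP/445) sessions go to hosts outside the known-server list?
# Assumption: June 2025 Patch Tuesday = 2025-06-10. No KB is cited in the article, so a
# "True" here is not proof the fix is present; confirm with WSUS/Intune/SCCM reporting.

function Test-PatchedSinceJune2025 {
    $patchTuesday = Get-Date '2025-06-10'
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.Description -match 'Update' } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    $os = Get-CimInstance Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OS                   = $os.Caption
        Build                = $os.BuildNumber
        LatestUpdate         = $latest.HotFixID
        InstalledOn          = $latest.InstalledOn
        UpdatedSinceJune2025 = [bool]($latest -and $latest.InstalledOn -ge $patchTuesday)
    }
}

function Get-UnexpectedSmbClientConnections {
    param(
        # Placeholder addresses: replace with your file servers and domain controllers.
        [string[]]$KnownServers = @('10.0.0.10', '10.0.0.11')
    )
    # The SMB redirector runs in the kernel, so the owning process is normally PID 4
    # (System); the remote address is the interesting field.
    Get-NetTCPConnection -RemotePort 445 -State Established -ErrorAction SilentlyContinue |
        Where-Object { $KnownServers -notcontains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                LocalPort     = $_.LocalPort
                Pid           = $_.OwningProcess
                Process       = $proc.ProcessName
            }
        }
}

Test-PatchedSinceJune2025 | Format-List
Get-UnexpectedSmbClientConnections | Format-Table -AutoSize
```

Run it in an elevated session; `Get-NetTCPConnection` needs admin rights to report owning PIDs for all connections. An SMB session to an address that is not one of your servers is exactly the kind of connection the advisory describes and is worth pulling the host for.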
Copyright of this story solely belongs to theregister.co.uk.