Patching required for exploited Windows vulnerability

Microsoft is currently grappling with a significant security vulnerability that has caught the attention of the US Cybersecurity and Infrastructure Security Agency (CISA). The agency has issued a warning regarding active attacks targeting a flaw in the Windows Server Message Block (SMB) client, a bug that affects millions of systems globally.

Despite Microsoft releasing a patch for this vulnerability, it remains a target for exploitation by malicious actors. CISA has officially added this issue to its Known Exploited Vulnerabilities (KEV) Catalog, underscoring the urgency of the situation.

CISA’s warning is part of a larger initiative by the US government aimed at encouraging organizations to expedite their patching processes and address critical security vulnerabilities before they escalate into more severe incidents.

Five new vulnerabilities

In a recent update, CISA has included five new vulnerabilities in the KEV catalog, confirming that these flaws are actively being exploited by cybercriminals. The vulnerabilities span products from notable companies such as Apple, Kentico Xperience, Microsoft, and Oracle, impacting a diverse array of business environments.

Among these newly identified vulnerabilities is the critical flaw in the Microsoft Windows SMB client, designated CVE-2025-33073. With a CVSS score of 8.8, this vulnerability poses a high risk for organizations that have yet to apply the necessary updates.

The flaw specifically affects the client side of the SMB protocol, a vital component for file sharing and network access in nearly all Windows environments, as reported by The Register. This vulnerability allows attackers to trick a Windows system into connecting to a malicious SMB server. Once that connection is established, the attackers can act remotely to gain elevated privileges on the affected system.

CISA has highlighted that many systems remain unpatched, despite the availability of a fix released by Microsoft in June 2025. In response, the agency has mandated that all federal government agencies must install the update by November 10, in accordance with Binding Operational Directive 22-01.

Private organizations are also strongly encouraged to assess their patch status. If immediate updates are not feasible, CISA recommends implementing temporary measures such as:

  • Restricting SMB traffic
  • Segmenting internal networks
  • Monitoring for unusual outgoing traffic
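As an added illustration of the last measure (example code written here, not from the article or CISA), the script below scans constructed outbound-connection log lines and flags SMB connections (TCP 445/139) that leave the internal address space or reach an internal host not on an approved file-server list. The log format, addresses and allowlist are assumptions.

```python
import ipaddress
from typing import Dict, List, Set

# Constructed sample log lines (not from the article). Fields:
# timestamp, source IP, destination IP, destination port.
SAMPLE_LOGS = """
2025-11-03T09:12:01Z 10.0.4.21 10.0.1.5 445
2025-11-03T09:12:07Z 10.0.4.21 198.51.100.17 445
2025-11-03T09:12:09Z 10.0.4.22 203.0.113.44 443
2025-11-03T09:13:40Z 10.0.4.23 10.0.9.77 445
2025-11-03T09:13:41Z 10.0.4.23 192.0.2.200 139
""".strip().splitlines()

SMB_PORTS = {445, 139}

# Explicit RFC 1918 plus loopback ranges. Python's ip_address().is_private
# also treats the documentation ranges used above as private, so avoid it here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def parse_line(line: str) -> Dict[str, object]:
    """Split one log line into its fields; the port becomes an int."""
    ts, src, dst, port = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port)}


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_unexpected_smb(lines: List[str], known_servers: Set[str]) -> List[Dict[str, object]]:
    """Return SMB connections going outside the network or to unapproved internal hosts."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec["port"] not in SMB_PORTS:
            continue                      # not SMB, ignore
        if not is_internal(str(rec["dst"])):
            rec["reason"] = "SMB to external address"
        elif rec["dst"] not in known_servers:
            rec["reason"] = "SMB to unapproved internal host"
        else:
            continue                      # approved file server, expected traffic
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in find_unexpected_smb(SAMPLE_LOGS, known_servers={"10.0.1.5"}):
        print(f"{f['ts']} {f['src']} -> {f['dst']}:{f['port']} ({f['reason']})")
```

Feeding it real firewall or proxy exports only needs `parse_line` adjusted to the local field layout; the allowlist should hold the file servers clients are actually expected to reach.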