SECURITY
The U.S. Cybersecurity and Infrastructure Agency has issued a warning relating to an actively targeted Microsoft Windows vulnerability that can be found in unpatched versions of Windows 10, Windows 11 and Windows Server.
Tracked as CVE-2025-33073, the vulnerability affects the Windows Server Message Block client, a core component used for file and printer sharing and network resource access across enterprise environments. The flaw carries a Common Vulnerability Scoring System score of 8.8 — high-severity.
Microsoft originally patched the vulnerability in its June 2025 Patch Tuesday release but, as is not unusual, not all Windows installs were patched, leading to active exploitation of the vulnerability and now the warning from CISA.
To exploit the vulnerability, an attacker can trick a Windows client into initiating a connection with an SMB server the attacker controls. Once the authentication process begins, the exploit can be triggered remotely, giving the attacker elevated access.
As the issue affects the client side rather than the server side, nearly any Windows system that connects to networked resources could be vulnerable if not patched.
In addition to the warning, CISA is directing all federal civilian agencies to apply Microsoft’s security update by Nov. 10 under Binding Operational Directive 22-01. The agency is also urging private organizations to verify patch compliance and, if immediate remediation is not possible, to apply network mitigations such as restricting SMB access, segmenting internal networks and monitoring for unusual outbound SMB traffic.
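One way to approach the outbound SMB monitoring mentioned above, as an added example that is not from CISA, Microsoft or the original article: a short Python check that flags SMB connections from internal hosts to any destination not on an approved file-server list. The log format, address ranges, server list and flow records are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions for this example: internal ranges and the approved SMB servers.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
APPROVED_SMB_SERVERS = {ip_address("10.0.5.10"), ip_address("10.0.5.11")}
SMB_PORTS = {445, 139}

# Constructed sample flow records: time, src, dst, dst_port, proto.
SAMPLE_FLOWS = """\
2025-10-21T09:00:01Z,10.0.20.15,10.0.5.10,445,tcp
2025-10-21T09:00:07Z,10.0.20.15,203.0.113.50,445,tcp
2025-10-21T09:01:12Z,10.0.20.31,10.0.20.99,445,tcp
2025-10-21T09:01:40Z,10.0.20.31,198.51.100.7,443,tcp
2025-10-21T09:02:03Z,10.0.5.10,10.0.20.15,445,tcp
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_unusual_smb(flow_text):
    """Return (time, src, dst, reason) for SMB flows to unapproved servers."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, proto = row
        try:
            src_ip, dst_ip, dport = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or dport not in SMB_PORTS:
            continue
        # Only internal clients are in scope; approved file servers are expected.
        if not is_internal(src_ip) or dst_ip in APPROVED_SMB_SERVERS:
            continue
        # External destinations should normally be blocked at the perimeter;
        # internal ones may indicate a rogue or coerced SMB endpoint.
        reason = "internal-unapproved" if is_internal(dst_ip) else "external"
        findings.append((ts, src, dst, reason))
    return findings

if __name__ == "__main__":
    for finding in find_unusual_smb(SAMPLE_FLOWS):
        print(*finding)
```

The allowlist approach flags both SMB leaving the network and SMB between internal hosts that are not designated file servers, which is why the last sample record, a file server connecting out to a workstation, is also reported.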
John Carberry, chief marketing officer at cybersecurity firm Xcape Inc., told SiliconANGLE via email that “the vulnerability, which affects all modern Windows Server and Windows client versions, arises from an inappropriate access control weakness in the SMB protocol.”
“Attackers are utilizing sophisticated coercion techniques – tricking target machines into connecting to malicious servers – to breach the protocol and elevate access,” he said. “The immediate danger this vulnerability provides to all enterprises using unprotected Windows installations is demonstrated by the fact that federal agencies have been given an urgent deadline of November 10 to patch. High-privilege attackers will find the digital front door unlocked if your security team hasn’t patched and restricted outgoing SMB.”
Andrew Obadiaru, chief information security officer at offensive security services provider Cobalt Labs Inc., said this is a reminder that patching and vulnerability scanning aren’t the same as true resilience.
“The lag between disclosure and exploitation is shrinking, and adversaries are quick to capitalize on unpatched systems even within well-defended networks,” added Obadiaru. “Continuous offensive testing — validating exploitability in real-world conditions — remains one of the most effective ways to ensure critical exposures are prioritized and remediated before attackers strike.”