Critical Windows SMB Client Flaw Exposes Systems to Privilege Escalation Attacks

Cybersecurity officials are sounding the alarm as CISA flags a critical Windows SMB client flaw that hackers are actively exploiting. The vulnerability, which allows attackers to gain system-level control, underscores the urgent need for organizations to patch their systems before it’s too late.

The Windows SMB (Server Message Block) client is a network protocol component in Windows that enables systems to communicate and share resources like files, printers, and serial ports over a network. It allows a Windows machine to connect to remote servers or devices that support SMB, which facilitates access to shared folders and services.

CISA added this 8.8-rated vulnerability (tracked as CVE-2025-33073) to its Known Exploited Vulnerabilities (KEV) catalog on October 20. It affects Windows 11, Windows 10, and all supported versions of Windows Server. Microsoft originally addressed the Windows SMB client vulnerability with the June 2025 Patch Tuesday updates.

Attackers can trick a victim’s machine into connecting to a malicious SMB server, which then compromises the protocol and potentially elevates privileges within the enterprise network. CISA recommends that the June 2025 security update should be fully deployed across all systems to patch the Windows SMB vulnerability.