Microsoft Issues Emergency Fix For Severe Windows SMB Vulnerability — Update Now
Microsoft is urging Windows users to install the June Patch Tuesday updates without delay after disclosing CVE-2025-33073, a high-severity flaw that can let an attacker seize full control of a PC or server. The bug carries a CVSS v3.1 score of 8.8 and affects all supported editions of Windows 10 and 11, as well as numerous server builds.
What CVE-2025-33073 Allows
-
Privilege escalation to SYSTEM – Successful exploitation grants the highest Windows privileges, enabling an attacker to run any command, install software or create new admin accounts.
-
Authenticated remote command execution – Security researchers at Synacktiv note that, on networks where SMB signing is disabled, the flaw becomes authenticated remote code execution as SYSTEM.
-
NTLM relay bypass – The vulnerability re-opens a class of attacks Microsoft has spent years mitigating, coercing a target to authenticate to a malicious SMB server and reflecting those credentials back for elevated access.
Although Microsoft says there is no evidence of in-the-wild exploits yet, the technical details are public, dramatically shortening the window before threat actors weaponise the bug.
Who Is At Risk?
Any domain-joined Windows device where SMB signing is “negotiated” rather than enforced is vulnerable. Corporate environments that rely on legacy systems or performance-tuned file-sharing often relax SMB signing, making them prime targets for lateral-movement attacks.
How To Protect Your Systems
-
Install June’s cumulative security update (released 10 June 2025).
-
Verify SMB signing is enforced in Group Policy (
Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options → Microsoft network client: Digitally sign communications). -
Audit and restrict outbound SMB traffic to prevent unsolicited authentication requests.
-
Monitor for new DNS records or unusual machine-to-machine authentication — the patch blocks one known coercion technique, but defenders should watch for variants.
Patch Details
| Windows Version | Patch Tuesday Build | Windows Update KB |
|---|---|---|
| Windows 11 23H2 | 22631.3737 | KB5039302 |
| Windows 11 22H2 | 22621.3737 | KB5039302 |
| Windows 10 22H2 | 19045.4529 | KB5039309 |
| Server 2022 | 20348.2503 | KB5039312 |
(See the Microsoft Security Update Guide for the full SKU list.)
Why Speed Matters
During the June rollout Microsoft patched 66 vulnerabilities, but CVE-2025-33073 is one of just two publicly disclosed flaws, elevating it to top-priority status alongside a separate WebDAV zero-day. Security experts warn that once proof-of-concept code appears, commodity ransomware crews tend to move quickly. If you can’t patch immediately, isolate critical file servers and enable mandatory SMB signing today.
Bottom Line
If you administer Windows devices, schedule emergency maintenance and push June’s updates now. Home users should open Settings → Windows Update → Check for updates and reboot as soon as the patch is applied. Skipping this fix leaves a clear path for attackers to jump from a low-privileged foothold to complete system takeover.
Photo Credit: DepositPhotos.com