Update Microsoft Windows Server, 10 And 11 Now — Attacks Underway
The latest update from the US Cybersecurity and Infrastructure Security Agency (CISA) is a stark reminder that even after the October Patch Tuesday rollout, many organizations are still vulnerable to attacks. Microsoft Windows users who have yet to act on the record-breaking confirmation of security vulnerabilities are being urged to update their systems with the utmost urgency.
The warning comes just a week after CISA issued a two-week update deadline for vulnerabilities in Windows Remote Access Connection Manager and in modem drivers that ship natively with supported Windows operating systems. Now, CISA has warned of a high-severity Windows SMB privilege escalation vulnerability, CVE-2025-33073, which is already under attack in the wild.
CVE-2025-33073 is a critical vulnerability that enables an authorized attacker to elevate privileges over a network using the Microsoft Windows Server Message Block (SMB) client protocol. This means that any user sharing files, printers, or other communications on a network using SMB is at risk of being exploited.
The impact of this vulnerability cannot be overstated. CISA has warned that it poses significant risks to organizations, both large and small, and even to consumers who use Microsoft Windows. The agency's warning is particularly urgent given that the fix for CVE-2025-33073 was made available in June, when the vulnerability was confirmed.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said. In reality, this could be true for any organization or individual using Microsoft Windows, as they are all at risk from this particular vulnerability.
So, what should you do? If you haven't already updated your systems with the latest patches, now is the time to take action. Remember that timely remediation is crucial in reducing exposure to cyberattacks. You can update your systems now and avoid the possibility of being compromised by this vulnerability.
Update Deadline
CISA has issued a 14-day deadline for certain Federal Civilian Executive Branch agencies to update their Windows Server, Windows 10, and Windows 11 systems. However, given the severity of CVE-2025-33073, CISA is urging all organizations to take immediate action.
Don't wait – pull your finger out and update Windows sooner rather than later, preferably immediately if your systems and processes could be affected by the vulnerability. Your organization's security depends on it.