CISA warns of an ongoing exploitation of a vulnerability in the Windows SMB client

Severity: High (CVE-2025-33073)

Score: 8.8

Information

  Windows SMB is a component of the Windows operating system that functions to connect and communicate with servers or other devices via the SMB (Server Message Block) protocol, which is a protocol used for file sharing, printing, and communication between computers on a network (Network File Sharing Protocol).

Incident

  The CVE-2025-33073 vulnerability is a security flaw discovered in the Windows Server Message Block (SMB) client component, a critical function of the Windows operating system used for file sharing, printer access, and accessing resources within organizational networks. This vulnerability has been rated as High Severity, with a score of 8.8 according to the CVSS (Common Vulnerability Scoring System).

  This vulnerability allows an attacker to perform remote attacks by tricking a Windows client into connecting to a maliciously crafted SMB server controlled by the attacker. Once the authentication process begins, the vulnerability can be triggered, enabling the attacker to escalate privileges or gain partial control of the system, depending on the privileges of the compromised user.

  Microsoft has released a patch to address this vulnerability in the June 2025 Patch Tuesday update. However, many Windows systems remain unpatched, allowing the vulnerability to continue being exploited. As a result, the CISA (Cybersecurity and Infrastructure Security Agency) in the United States has issued a warning urging system administrators worldwide to install the patch as soon as possible.

Recommendation

  • Apply the latest Microsoft patches
  • Block the SMB port (TCP 445) from external networks
  • Restrict user privileges and grant only necessary permissions
  • Alert users not to connect to unknown SMB servers
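The following script is an added example, not part of the original advisory, showing how the "block TCP 445 from external networks" and "apply patches" recommendations can be enforced and checked on a single Windows endpoint. The firewall rule name and the RFC 1918 check are this example's own choices; the KB number of the June 2025 update is not given here and must be taken from Microsoft's advisory for CVE-2025-33073.

```powershell
# Added example (not from the advisory): block outbound SMB to Internet hosts,
# then check for live SMB client sessions to non-private addresses and list
# updates installed since June 2025. Run in an elevated PowerShell session.

# 1. Block outbound TCP 445 to the 'Internet' address scope. This keyword
#    excludes local subnets and configured intranet ranges, so internal
#    file and print access keeps working.
$ruleName = 'Block outbound SMB to Internet (CVE-2025-33073 mitigation)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Outbound -Protocol TCP -RemotePort 445 `
        -RemoteAddress Internet -Action Block -Profile Any | Out-Null
}

# 2. Report existing TCP 445 connections whose remote end is outside
#    RFC 1918 / loopback / link-local space. A Windows client speaking SMB
#    to an Internet host is the condition the advisory describes.
function Test-PrivateAddress {
    param([string]$Address)
    return $Address -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[0-1])\.|127\.|::1$|fe80:)'
}

Get-NetTCPConnection -RemotePort 445 -ErrorAction SilentlyContinue |
    Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            RemoteAddress = $_.RemoteAddress
            State         = $_.State
            Process       = $proc.ProcessName
            PID           = $_.OwningProcess
        }
    } | Format-Table -AutoSize

# 3. List updates installed since 1 June 2025 so the June 2025 Patch Tuesday
#    cumulative update can be confirmed against the KB number Microsoft lists
#    for this host's Windows build.
Get-HotFix |
    Where-Object { $_.InstalledOn -ge (Get-Date '2025-06-01') } |
    Sort-Object InstalledOn |
    Format-Table HotFixID, Description, InstalledOn -AutoSize
```

An empty table in step 2 is the expected healthy result; any row there is worth investigating before the firewall rule silently drops the connection on the next attempt.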

Security systems are important. Keep monitoring them as a matter of routine.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)
061 387 9439 (Ms. Sirilak)
092 257 6902 (Ms. Narusorn)
063 197 7510 (Mr. Yanotai)
065 725 7405 (Ms. Nattharini)

Weekly Interesting CVE

Columns: No., CVE Name, Published Date, Last Update, Device/Application/OS Target, Attack Type, CVSS Severity Rating, Detail, Solution, Reference.

1. CVE-2025-59295
   Published Date: 14/10/2025
   Last Update: 17/10/2025
   Device/Application/OS Target: Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025, Windows 10 Version 1607, Windows 11 Version 24H2, Windows 11 Version 23H2, Windows 10 Version 22H2, Windows 11 Version 22H2, Windows 10 Version 21H2, Windows 10 Version 1809, Windows 11 Version 25H2. For other versions, please refer to the reference link for details.
   Attack Type: Heap-Based Overflow
   CVSS Severity Rating: 8.8
   Detail: Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
   Solution: Update to the latest patch version according to the affected products. For more details, please refer to the provided link.
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2014-2120

2. CVE-2025-49552
   Published Date: 14/10/2025
   Last Update: 17/10/2025
   Device/Application/OS Target: Adobe Connect versions 12.9 and earlier
   Attack Type: Cross Site Scripting
   CVSS Severity Rating: 8.1
   Detail: Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction.
   Solution: Update to version 12.10
   Reference: https://security.paloaltonetworks.com/CVE-2025-4615

3. CVE-2025-54263
   Published Date: 14/10/2025
   Last Update: 16/10/2025
   Device/Application/OS Target: Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier
   Attack Type: Incorrect Authorization
   CVSS Severity Rating: 8.1
   Detail: Adobe Commerce is affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.
   Solution: Adobe recommends updating to the latest available version that includes the fix.
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-23300

4. CVE-2025-8486
   Published Date: 15/10/2025
   Last Update: 16/10/2025
   Device/Application/OS Target: Lenovo PC Manager versions 2.6.40.3154, 2.8.90.11211, 5.1.80.9023, 5.1.110.5082 and 5.1.120.7041
   Attack Type: Unnecessary Privileges
   CVSS Severity Rating: 8.5
   Detail: A potential vulnerability was reported in Lenovo PC Manager that could allow a local authenticated user to execute code with elevated privileges.
   Solution: Upgrade to version 5.1.140.9262
   Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-27997

5. CVE-2025-20710
   Published Date: 14/10/2025
   Last Update: 16/10/2025
   Device/Application/OS Target: MediaTek chipsets MT6890, MT7915, MT7916, MT7981, MT7986
   Attack Type: Integer Overflow
   CVSS Severity Rating: 8.8
   Detail: In the wlan AP driver, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
   Solution: Update to Patch ID WCNCR00418785
   Reference: https://www.ibm.com/support/pages/node/7249061


Malware News or Campaign IOC/IOA | EN

Columns: No., Campaign Name, Detection Date, Attack Type, Description, Mitigation/Remediation.

1. MonsterV2 malware spread through ClickFix campaigns
   Detection Date: 14/10/2025
   Attack Type: Malware spreading, Remote Access Trojan (RAT), Information-stealer
   Description: Proofpoint reports that the threat actor known as TA585 used MonsterV2 malware as a backdoor and to steal data; the malware is also offered as malware-as-a-service (MaaS).
   TA585's method is to compromise a website and inject ClickFix content into it, such as a fake CAPTCHA that tricks the victim into running a PowerShell command, which then delivers the malware to the victim's machine. The malware can also check whether the victim's machine has antivirus before proceeding, and it aims to steal browser login credentials, credit card information and cryptocurrency wallets. It also uses hidden virtual network computing (HVNC) so that the victim is unaware of the remote access.
   Proofpoint notes that ClickFix adoption has increased steadily and emphasizes threat-awareness training and controls on PowerShell execution.
   Mitigation/Remediation:
     • Install an antivirus that can prevent malicious PowerShell commands from being executed.
     • Conduct cybersecurity awareness training.
   Ref: https://www.scworld.com/news/monsterv2-malware-spread-through-clickfix-campaigns/
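As an added example for the PowerShell-execution control recommended above (not part of the original bulletin or of Proofpoint's report), the script below enables PowerShell script block logging and scans the resulting events for the one-line download-and-execute patterns a ClickFix "paste this command" lure typically produces. The pattern list and the 7-day window are this example's own heuristics.

```powershell
# Added example (not from the bulletin): turn on script block logging and
# review recent 4104 events for loader-style one-liners. Run elevated.

# 1. Enable script block logging (same setting as the Group Policy item
#    "Turn on PowerShell Script Block Logging" under Windows PowerShell).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. Heuristic patterns for pasted loader commands: encoded command switch,
#    in-memory download cradles, hidden-window execution, base64 decoding.
#    These are example heuristics, not published indicators; -match is
#    case-insensitive by default in PowerShell.
$suspicious = @(
    '-enc(odedcommand)?\s',
    'DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b',
    '\bIEX\b|Invoke-Expression',
    '-windowstyle\s+hidden',
    'FromBase64String'
)
$pattern = $suspicious -join '|'

# 3. Pull the last 7 days of 4104 events. ScriptBlockText is property index 2
#    of the event; report matches with the user context that ran them.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$events |
    Where-Object { $_.Properties[2].Value -match $pattern } |
    ForEach-Object {
        # Collapse whitespace first so the preview length is computed on the
        # text actually shown.
        $text = $_.Properties[2].Value -replace '\s+', ' '
        [pscustomobject]@{
            Time   = $_.TimeCreated
            User   = $_.UserId
            Sample = $text.Substring(0, [Math]::Min(120, $text.Length))
        }
    } | Format-Table -Wrap
```

Legitimate administration scripts will also match some of these patterns, so treat the output as a triage list and tune the heuristics to what is normal in your environment.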

 

 

04 November 2025
