Apply Windows SMB Patches Urgently, CISA Warns

22 Oct 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on a Windows vulnerability affecting the Server Message Block (SMB) client across multiple versions, including Windows 10, Windows 11, and Windows Server.

Vulnerability Details

This vulnerability carries a CVSS score of 8.8 and poses a high risk to SMB clients, which Windows uses to reach network resources. Microsoft addressed the issue in June 2025, but unpatched systems remain vulnerable. An attacker who gets a vulnerable client to connect to a malicious SMB server can gain elevated privileges.

  • Entity: SMB client vulnerability
  • Date: Patch issued in June 2025
  • Significance: CVSS score of 8.8
  • Deadline: Patches required by 2025-11-10

Agency Recommendations

CISA directs federal agencies to apply updates by 2025-11-10 under Binding Operational Directive 22-01. Agencies must verify that all systems are patched to safeguard against attacks. Recommendations for those unable to patch include restricting SMB access, segmenting the network, and monitoring for unusual SMB traffic.
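One way to act on the "monitor for unusual SMB traffic" recommendation, shown as an added example that is not part of the original article: flag SMB client connections (TCP 445) from internal hosts to any server that is not an approved file server. The address ranges, the approved-server list, the flow-record format, and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): internal address space and the
# file servers that clients are expected to reach over SMB.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
APPROVED_SMB_SERVERS = {ip_address("10.0.5.10"), ip_address("10.0.5.11")}
SMB_PORT = 445

# Constructed sample flow records: time,src,dst,dst_port,proto
SAMPLE_FLOWS = """\
2025-10-22T09:00:01Z,10.0.1.23,10.0.5.10,445,tcp
2025-10-22T09:00:07Z,10.0.1.23,203.0.113.45,445,tcp
2025-10-22T09:01:12Z,10.0.2.40,10.0.2.77,445,tcp
2025-10-22T09:02:30Z,10.0.1.23,198.51.100.9,443,tcp
2025-10-22T09:03:02Z,10.0.3.8,10.0.5.11,445,tcp
2025-10-22T09:04:00Z,bad-host,10.0.5.10,445,tcp
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def unusual_smb_flows(text):
    """Return (time, src, dst, reason) for each SMB connection from an
    internal client to a server that is not on the approved list."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or truncated records
        ts, src, dst, port, proto = (field.strip() for field in row)
        try:
            src_ip, dst_ip, port_no = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # skip records with unparseable addresses or ports
        if proto.lower() != "tcp" or port_no != SMB_PORT:
            continue
        if not is_internal(src_ip) or dst_ip in APPROVED_SMB_SERVERS:
            continue
        # Egress to the internet is the higher-priority finding; lateral
        # SMB to an unapproved internal host is also worth review.
        reason = "internal-to-unapproved" if is_internal(dst_ip) else "egress-to-external"
        findings.append((ts, src, dst, reason))
    return findings

if __name__ == "__main__":
    for finding in unusual_smb_flows(SAMPLE_FLOWS):
        print(*finding)
```

The same allowlist can drive the "restrict SMB access" recommendation: any destination this check flags is a candidate for a firewall rule blocking outbound TCP 445.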

Industry Response

Experts emphasize that the attack works by tricking target machines into connecting to malicious servers. Officials like John Carberry and Andrew Obadiaru stress the importance of continuous testing as the window between disclosure and exploitation shortens. Efforts should focus on prioritizing and remediating critical vulnerabilities.
