By Davey Winder, Senior Contributor.

Although the October Patch Tuesday rollout has passed, Microsoft Windows users are still feeling the impact of the record-breaking security vulnerability confirmation, which saw nearly 200 Common Vulnerabilities and Exposures, including third-party CVEs, addressed. The latest warning from America’s Cyber Defense Agency, the Cybersecurity and Infrastructure Security Agency, comes just a week after it issued a two-week update deadline for vulnerabilities in Windows Remote Access Connection Manager and in a modem driver that ships natively with supported Windows operating systems. Now, CISA has warned, everyone should patch a high-severity Windows SMB privilege escalation vulnerability, impacting Windows Server, 10 and 11 users, that is already under attack in the wild, and do so with the utmost urgency. Here’s what you need to know about CVE-2025-33073.

The latest warning from CISA, as part of Binding Operational Directive 22-01, requires certain Federal Civilian Executive Branch agencies to update their Windows Server, Windows 10 and Windows 11 systems within a 14-day deadline. However, the impact of CVE-2025-33073, which is already under attack, CISA said, is such that it has urged “all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation.” In other words, pull your finger out and update Windows sooner rather than later, preferably immediately if your systems and processes could be affected by the vulnerability.