Update Windows Now — Microsoft Confirms System Takeover Danger

CVE-2025-33073 can lead to system takeover, Microsoft has confirmed.
Microsoft users are starting to get all too familiar with being advised to act now, as confirmation of one security threat after another is made. A Windows Secure Boot bypass and attacks exploiting vulnerabilities against Windows 10 and 11 users both require users to update now. That advice is all too clearly warranted, as Microsoft has confirmed yet another Windows vulnerability that demands urgent update attention, and this one can lead to a system takeover. Here’s what you need to know about CVE-2025-33073, and what you need to do. Hint: update Windows now!
CVE-2025-33073: A Windows Authentication Relay Attack Vulnerability
With a Common Vulnerability Scoring System score of 8.8, considered a high severity risk, CVE-2025-33073 has been given an "important" severity rating by Microsoft itself. Such discrepancies are not unusual, as Microsoft applies several additional factors in arriving at its own assessment. None of this, however, should distract from the primary point here: this is a serious security vulnerability with serious consequences if successfully exploited by an attacker.
“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft has confirmed. Although there is no evidence of exploitation in the wild as yet, the vulnerability itself has been publicly disclosed, so it’s only a matter of time. “To exploit this vulnerability,” Microsoft explained, “an attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.”
“Even though CVE-2025-33073 is referred to by Microsoft as an elevation of privilege,” said Wilfried Bécard and Guillaume André, security researchers at Synacktiv who were among those who disclosed the vulnerability, “it is actually an authenticated remote command execution as SYSTEM on any machine which does not enforce SMB signing.”
Semantics aside, what is important is that you follow the advice given at the very start of this article and update now. Microsoft has released a fix, as part of the June Patch Tuesday Windows security rollout, which not only applies the fix but, Bécard and André said, “also removes the ability to coerce machines into authenticating via Kerberos by registering a DNS record with marshalled target information.”
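The researchers’ point above turns on one setting: whether a machine enforces SMB signing. The following PowerShell script is an added example, not code from the article, Microsoft or Synacktiv. It audits the SMB signing configuration of the local host using the built-in SmbShare cmdlets (Get-SmbServerConfiguration, Get-SmbClientConfiguration and their Set- counterparts), checks whether a given update is installed, and optionally turns enforcement on. The KB identifier is a placeholder, since the article does not name the June update’s KB number; substitute the one from Microsoft’s advisory.

```powershell
# Added example (not from the article): audit SMB signing enforcement and
# patch status on a Windows host, then optionally enforce signing.
# Run from an elevated PowerShell session; the SmbShare cmdlets are built in
# on Windows 8 / Server 2012 and later.

# Placeholder: replace with the KB number of the June 2025 cumulative update
# that ships the CVE-2025-33073 fix (not given in the article).
$FixKb = 'KB<JUNE-2025-UPDATE-ID>'

function Get-SmbSigningStatus {
    # Server side = inbound connections to this host; client side = outbound.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ServerRequiresSigning = $server.RequireSecuritySignature
        ServerEnablesSigning  = $server.EnableSecuritySignature
        ClientRequiresSigning = $client.RequireSecuritySignature
    }
}

function Test-FixInstalled {
    param([string]$KbId)
    # Get-HotFix throws if the ID is not present; treat that as "not installed".
    try {
        $null = Get-HotFix -Id $KbId -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

function Enable-SmbSigningEnforcement {
    # Require signing in both directions. Peers that cannot sign will be
    # refused, so pilot this on a test group before rolling it out widely.
    Set-SmbServerConfiguration -RequireSecuritySignature $true `
                               -EnableSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
}

$status = Get-SmbSigningStatus
$status | Format-List

if (-not $status.ServerRequiresSigning) {
    Write-Warning "SMB server signing is NOT required on this host; it meets the precondition the researchers describe."
    # Uncomment to enforce once tested:
    # Enable-SmbSigningEnforcement
}

if (Test-FixInstalled -KbId $FixKb) {
    Write-Host "Update $FixKb is installed."
} else {
    Write-Warning "Update $FixKb is not installed; apply the June security rollout."
}
```

Enforcing server-side signing is the configuration change that closes the relay path the Synacktiv researchers describe, independent of the patch; applying the update addresses the coercion primitive itself. Doing both is the defensible posture.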