Attention: June 2025 Patchday closes vulnerability CVE-2025-33073 in Windows

On June 11, 2025, Microsoft will hold its regular patch day and release security updates for Windows. Administrators in companies should install the security updates promptly this time, as a vulnerability CVE-2025-33073 in Windows is to be closed. At the weekend, information was already circulating warning of the vulnerability. Let me summarize some preliminary information that I can disclose.

A warning from DFN-CERT

Last Friday, June 6, 2025, I already received emails from a German blog reader ("a (more confusing than informative) warning about the above vulnerability CVE-2025-33073 is currently circulating"), which addressed a warning about a vulnerability. Below is such a warning, which states that the security updates that Microsoft will release on June 10, 2025 should be installed promptly.

[Screenshot: Warning about Windows vulnerability]

The information was sent by German DFN-CERT (Computer Emergency Response Team of the German Research Network). There is also a German attachment which contains slightly more information (see screenshot below).

[Screenshot: Warning about Windows vulnerability]

The source of the warning is the company RedTeam Pentesting GmbH, whose security researchers have discovered a vulnerability in Windows. The warning describes the vulnerability CVE-2025-33073 as critical; it is said to have a CVSS 3.1 score of probably 8.8.

The text also states that administrators should install the patches published by Microsoft on their Windows systems as soon as possible. The background to this is that the discoverers of the vulnerability assume that attackers could quickly develop an exploit by analyzing the published security updates.

What you should know in advance

Administrators should follow the recommendation in the above circular email with the warning and install the security updates on the affected machines as soon as possible. When the security updates are available on June 10, 2025 from around 7 p.m., I plan to provide information in my Patchday Summary before midnight on what to do if a patch cannot be installed immediately. Let's see what Microsoft reveals in this regard. Here are a few rough notes on the vulnerability:

  • Windows clients Windows 10 (up to 22H2) and Windows 11 (up to 23H2) are affected, as well as all server versions still in support (up to Windows Server 2025).
  • According to my current knowledge, Windows Server instances that act as domain controllers are not affected.
  • To exploit the vulnerability, the attacker must be logged into a Windows network with an account in order to send requests.

If my information is correct, Microsoft has classified the vulnerability as "important" and not "critical". As indicated above, the RedTeam Pentesting GmbH team will disclose the details of the vulnerability in a blog post and white paper on Wednesday, June 11, 2025, at 10:00 a.m.

According to my current planning, I will publish an article here in the blog at the same time, linking to the documents at RedTeam Pentesting GmbH and categorizing the whole thing for administrators.

Mitigation via SMB signing possible

Administrators should promptly install the security updates provided by Microsoft for Windows on June 10, 2025 in order to close the vulnerability. However, I have spoken to the discoverers – it is possible to mitigate the vulnerability by enforcing server-side SMB signing for Windows clients and servers (if you cannot patch immediately). This can be done via group policies, which are described in the Microsoft support article Overview of Server Message Block signing.

However, the security people pointed out that some outdated systems/applications do not support SMB signing, so this may not be an option.
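
To check whether the server-side signing requirement described above is actually in force on a machine, the following PowerShell sketch can help. It is an added example, not code from the original post, RedTeam Pentesting or Microsoft. It uses the built-in `Get-SmbServerConfiguration` and `Set-SmbServerConfiguration` cmdlets; the function name and the `-ComputerName`/`-Enforce` script parameters are made up for this example, and it assumes administrative rights plus WinRM/CIM access for remote hosts.

```powershell
# Added example: audit server-side SMB signing and optionally enforce it.
[CmdletBinding()]
param(
    [string[]]$ComputerName = @('localhost'),  # assumption: default is the local machine
    [switch]$Enforce                           # hypothetical switch: also set the value
)

function Get-SmbSigningState {
    param([string]$Computer, [bool]$Fix)
    $session = $null
    try {
        # Local machine needs no CIM session; remote hosts must be reachable via WinRM.
        $cim = @{}
        if ($Computer -notin 'localhost', '.', $env:COMPUTERNAME) {
            $session = New-CimSession -ComputerName $Computer -ErrorAction Stop
            $cim.CimSession = $session
        }
        $before = (Get-SmbServerConfiguration @cim -ErrorAction Stop).RequireSecuritySignature
        if ($Fix -and -not $before) {
            # Same setting as the policy "Microsoft network server:
            # Digitally sign communications (always)". A GPO that configures
            # this option overrides the local value at the next policy refresh.
            Set-SmbServerConfiguration @cim -RequireSecuritySignature $true -Force -ErrorAction Stop
        }
        $after = (Get-SmbServerConfiguration @cim -ErrorAction Stop).RequireSecuritySignature
        [pscustomobject]@{
            Computer       = $Computer
            RequiredBefore = [bool]$before
            RequiredNow    = [bool]$after
            Result         = if ($after) { 'signing enforced' } else { 'NOT enforced' }
        }
    }
    catch {
        # Unreachable or access-denied hosts are reported, not silently skipped.
        [pscustomobject]@{ Computer = $Computer; RequiredBefore = $null; RequiredNow = $null
                           Result = "error: $($_.Exception.Message)" }
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$report = foreach ($c in $ComputerName) { Get-SmbSigningState -Computer $c -Fix $Enforce.IsPresent }
$report | Format-Table -AutoSize
# Non-zero exit code if any host is unprotected or unreachable (useful for scheduled checks).
if ($report | Where-Object { -not $_.RequiredNow }) { exit 1 }
```

Run it without `-Enforce` first to see which systems do not yet require signing, and test legacy clients against one enforced server before rolling the setting out widely.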
