Volerion logoVolerion
Volerion logoVolerion

Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Microsoft Windows SMB Improper Access Control Vulnerability Allowing Privilege Elevation

Vulnerability

A vulnerability has been identified in Windows Server 2008 R2, Windows Server 2008, Windows Server 2016, Windows 10 (various versions), Windows 11 (versions 22H2 and 23H2), and Windows Server 2022. This vulnerability arises from improper access control in the SMB protocol, which allows an authorized attacker to elevate privileges over a network. Exploitation could enable the attacker to gain SYSTEM privileges on the affected machine.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM rights on the affected system.

Remediation

Users can apply the security updates provided by Microsoft for this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5061078, KB5061036, KB5061026, KB5061010, KB5060999, KB5060533, KB5060526, KB5060531, and KB5060842.

Added: Jun 10, 2025, 5:53 PM
Updated: Oct 20, 2025, 2:38 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
7.5
exploitability
5.0
remediation
7.7
relevance
0.2
threat
8.7
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.