关于Windows SMB权限提升漏洞(CVE-2025-33073)的预警提示

发布时间:2025-06-24浏览次数:10

一、漏洞详情

Windows SMB(Server Message Block)是一种网络通信协议,用于计算机之间共享资源和文件。

近日,监测到官方修复Windows SMB 权限提升漏洞(CVE-2025-33073),该漏洞存在于Windows SMB中,由于访问控制不当,具有普通域用户权限的攻击者可以通过添加恶意的DNS记录并强制域内计算机(域控除外)进行解析来获取域内所有用户的权限,从而达到提权的目的。

建议受影响用户做好资产自查以及预防工作,以免遭受黑客攻击。

二、影响范围

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)Windows Server 2012

Windows 10 for x64-based SystemsWindows 10 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

三、修复建议

可参考以下链接下载适用于该系统的补丁并安装:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33073

首页| 部门简介| 工作职责| 智慧校园| 计算机实验中心| 高性能计算| 信息安全| 政策法规| 正版软件| 服务指南
  • 版权所有 © 常州大学信息化建设与大数据处 Copy Right 2000-2022
    地址:江苏省常州市武进区滆湖路1号常州大学文彬楼   电话:0519 - 86330350   [管理登录]

    苏公网安备 32041202001161号