CVE-2025-33073: Microsoft Windows SMB Client Improper Access Control

Microsoft Windows SMB Client Improper Access Control Vulnerability. Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.

• CISA KEV-listed (remediation due 2025-11-10)
• EPSS 44.3% (97.6% percentile)

Detection rules

• Suspicious DNS Query Indicating Kerberos Coercion via DNS Object SPN Spoofing - Network high
• Potential Kerberos Coercion by Spoofing SPNs via DNS Manipulation high
• Suspicious DNS Query Indicating Kerberos Coercion via DNS Object SPN Spoofing high
• Attempts of Kerberos Coercion Via DNS SPN Spoofing high

Browse the CVE database

Read the full analysis on IntelFusions