Keisuke Hirata

Researcher from CrowdStrike
#28493 of 53,638
9 Total CVSS
Vulnerabilities · 1
PT-2025-24857
9.0
2025-01-30
Microsoft · Windows SMB · CVE-2025-33073
**Name of the Vulnerable Software and Affected Versions**

Microsoft Windows (affected versions not specified)

**Description**

Improper access control in the Windows SMB Client, specifically within the `mrxsmb.sys` driver, allows an authorized or unauthenticated remote attacker to elevate privileges. The issue stems from weaknesses in authentication relaying, including NTLM reflection and Reflective Kerberos Relay attacks. Attackers can use authentication coercion techniques, such as forcing a request to a UNC path, to make a host connect to a malicious system. By manipulating `CREDENTIAL_TARGET_INFORMATIONW` and removing NTLM capabilities from SPNEGO to force Kerberos usage, an attacker can relay a Kerberos ticket back to the same host. This process allows the attacker to gain a session as the computer account (`DOMAIN\MACHINE$`) and ultimately escalate privileges to `NT AUTHORITY\SYSTEM`, granting full control over the compromised device. Exploitation can occur via standard RPC and SMB services and may be triggered through social engineering or drive-by downloads.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.