Kerberos is widely used for secure authentication in Windows environments. However, when misconfigured Service Principal Names (SPNs) and default permissions align, attackers can exploit Kerberos reflection to gain SYSTEM-level access remotely. We reported these findings to the Microsoft Security Response Center (MSRC) in June 2025. In October 2025, Microsoft released a security update for the issue, which it cataloged as CVE-2025-58726 (SMB Server Elevation of Privilege). Even with the update available, understanding how attackers seek to exploit gaps in SPN and authentication security could help you avoid similar vulnerabilities in the future.