Windows Server 2025 is vulnerable to a newly discovered, and trivial to implement, attack that enables a hacker to compromise any user in Active Directory.
, this doesn’t mean that Windows Server users are not in the crosshairs of threat actors. Far from it, and not just legacy versions either, as security researchers reveal a new, and trivial to implement, Windows Server 2025 vulnerability that could compromise any Active Directory user.
Here’s what you need to know.

Privilege escalation vulnerabilities are among the worst you can be faced with, as, rather obviously, they enable a successful attacker to do way more than they should be able to given the lack of permissions they started with. Yuval Gordon, a senior security researcher at Akamai Technologies, has exclusively shared details of a particularly concerning vulnerability impacting Windows Server 2025. Not only because, as Gordon explained, it allows an attacker to “compromise any user in Active Directory,” but also as it “works with the default configuration, and is trivial to implement.” If you thought things couldn’t get any worse, you’d be wrong: no patch is currently available., and confirmed that it abuses the delegated Managed Service Account feature introduced with Windows Server 2025. “In 91% of the environments we examined,” Gordon said, “we found users outside the domain admins group that had the required permissions to perform this attack.”

BadSuccessor might be trivial to implement, but the consequences of a successful attack are far from the same. A key feature of dMSA is the ability to migrate existing and non-managed service accounts by seamlessly converting them into dMSAs, and it’s this that is the issue. “By abusing dMSAs, attackers can take over any principal in the domain,” Gordon said. All an attacker needs to be able to exploit the BadSuccessor vulnerability is a seemingly benign permission on any organizational unit in the domain. Here’s the real killer though: as long as you have one Windows Server 2025 domain controller, your domain doesn’t even need to be using dMSAs at all; the exploit will work anyway. I would advise every Windows Server administrator to read the full report in its entirety, and as a matter of some urgency.
In the meantime, I spoke with Yuval Gordon, who reiterated that BadSuccessor is not only “so dangerous because the attack is so simple,” but added that Akamai researchers were “surprised that we were first to discover it.” The only good news, such as it is, would be that there is no evidence to conclusively show that BadSuccessor has been exploited by attackers in the wild at this point, but given that “most organisations aren’t currently monitoring the relevant events,” Gordon said it’s hard to say for certain.

Gordon recommended that organizations and admins identify which users have the specific permissions that make this attack possible, and, having done so, review and remove unnecessary permissions. “We're releasing a PowerShell script alongside the blog post to help with that,” Gordon told me, so that would be a good starting point. “It highlights exactly which users have risky access so defenders know where to focus,” Gordon concluded.

I reached out to Microsoft for a statement, and a spokesman said: “We appreciate Akamai for identifying and responsibly reporting this issue. After careful investigation, this case was rated as a Moderate severity that does not meet our bar for immediate servicing, as the technique requires elevated user permissions to be successful. We will look to address this issue in a future update.”

Microsoft also said that for BadSuccessor to be successful, an attacker would require access to the msds-groupMSAMembership attribute of the dMSA. This attribute allows the user to utilize the dMSA. msds-ManagedAccountPrecededByLink: The attacker needs write access to this attribute, which allows them to specify a user, such as an administrator, that the dMSA can act on behalf of.

All users of Windows Server 2025 are advised to take action and protect against the threat until Microsoft issues a fix.
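A read-only audit built on the two attributes Microsoft names above, as an added example (it is not Akamai's script and not part of the original article): it lists every object whose msds-ManagedAccountPrecededByLink is set, flags links that point at an account marked `adminCount=1`, and shows who msds-groupMSAMembership allows to use the dMSA. The function name `Get-DmsaPredecessorLink` is hypothetical, and the code assumes the RSAT ActiveDirectory module and that the module returns msds-groupMSAMembership as a security descriptor object.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-DmsaPredecessorLink {   # hypothetical name, not from Akamai's script
    [CmdletBinding()]
    param(
        # Domain controller to query; defaults to the PDC emulator.
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    $props = 'msDS-ManagedAccountPrecededByLink', 'msDS-GroupMSAMembership',
             'nTSecurityDescriptor', 'whenCreated', 'whenChanged'

    # Any object with the link populated is declared as the successor of another account.
    Get-ADObject -Server $Server -LDAPFilter '(msDS-ManagedAccountPrecededByLink=*)' -Properties $props |
        ForEach-Object {
            $dmsa = $_
            # The ACEs in msDS-GroupMSAMembership name the principals allowed to use the dMSA.
            # If the attribute is empty (or not returned as a descriptor) this is an empty string.
            $allowed = @($dmsa.'msDS-GroupMSAMembership'.Access.IdentityReference.Value) -join '; '

            foreach ($targetDn in $dmsa.'msDS-ManagedAccountPrecededByLink') {
                $target = Get-ADObject -Server $Server -Identity $targetDn `
                    -Properties adminCount, sAMAccountName -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Dmsa             = $dmsa.DistinguishedName
                    DmsaOwner        = $dmsa.nTSecurityDescriptor.Owner
                    PrecededBy       = $targetDn
                    TargetAccount    = $target.sAMAccountName
                    # adminCount=1 is a heuristic for "is or was in a protected group".
                    TargetPrivileged = ($target.adminCount -eq 1)
                    AllowedToUse     = $allowed
                    WhenCreated      = $dmsa.whenCreated
                    WhenChanged      = $dmsa.whenChanged
                }
            }
        }
}

# Links to privileged accounts first, then the most recently changed objects.
Get-DmsaPredecessorLink |
    Sort-Object -Property @{ Expression = 'TargetPrivileged'; Descending = $true },
                          @{ Expression = 'WhenChanged'; Descending = $true } |
    Format-List
```

Any row with `TargetPrivileged` set to True that does not correspond to a migration your team performed deserves a closer look at who owns the dMSA and when it was changed.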
