New Windows Server 2025 Attack Compromises Any Active Directory User


Forbes, 21-05-2025
New Windows Server 2025 vulnerability confirmed.
Although you are far more likely to read about vulnerabilities impacting the Windows operating system, including those that have long since reached end-of-support status such as Windows 7, this doesn't mean that Windows Server users are not in the crosshairs of threat actors. Far from it, and not just legacy versions either, as security researchers reveal a new, and trivial to implement, Windows Server 2025 vulnerability that could compromise any Active Directory user. Here's what you need to know.
Privilege escalation vulnerabilities are among the worst you can be faced with, as, rather obviously, they enable a successful attacker to do way more than they should be able to given the lack of permissions they started with. Yuval Gordon, a senior security researcher at Akamai Technologies, has exclusively shared details of a particularly concerning privilege escalation vulnerability impacting Windows Server 2025. It is concerning not only because, as Gordon explained, it allows an attacker to 'compromise any user in Active Directory,' but also because it 'works with the default configuration, and is trivial to implement.' If you thought things couldn't get any worse, you'd be wrong: no patch is currently available.
Akamai has named the vulnerability and associated exploit BadSuccessor, and confirmed that it abuses the delegated Managed Service Account (dMSA) feature introduced with Windows Server 2025. 'In 91% of the environments we examined,' Gordon said, 'we found users outside the domain admins group that had the required permissions to perform this attack.' BadSuccessor might be trivial to implement, but the consequences of a successful attack are far from the same.
Full attack flow, showing all steps needed to have a BadSuccessor.
A key feature of dMSA is the ability to migrate existing and non-managed service accounts by seamlessly converting them into dMSAs, and it's this that is the issue. 'By abusing dMSAs, attackers can take over any principal in the domain,' Gordon said. All an attacker needs to be able to exploit the BadSuccessor vulnerability is a seemingly benign permission on any organizational unit in the domain. Here's the real killer though: as long as you have one Windows Server 2025 domain controller, your domain doesn't even need to be using dMSAs at all, the exploit will work anyway.
I would advise every Windows Server administrator to read the full report in its entirety, and as a matter of some urgency. In the meantime, I spoke with Yuval Gordon who reiterated that BadSuccessor is not only 'so dangerous because the attack is so simple,' but added that Akamai researchers were 'surprised that we were first to discover it.' The only good news, such as it is, would be that there is no evidence to conclusively show that BadSuccessor has been exploited by attackers in the wild at this point, but given that 'most organisations aren't currently monitoring the relevant events,' Gordon said it's hard to say for certain.
Gordon recommended that organizations and admins identify which users have the specific permissions that make this attack possible, and, having done so, review and remove unnecessary permissions. 'We're releasing a PowerShell script alongside the blog post to help with that,' Gordon told me, so that would be a good starting point. 'It highlights exactly which users have risky access so defenders know where to focus,' Gordon concluded.
I reached out to Microsoft for a statement, and a spokesman said: 'We appreciate Akamai for identifying and responsibly reporting this issue. After careful investigation, this case was rated as a Moderate severity that does not meet our bar for immediate servicing, as the technique requires elevated user permissions to be successful. We will look to address this issue in a future update.'
Microsoft also said that for BadSuccessor to be successful, an attacker would require access to the msds-groupMSAMembership attribute of the dMSA. This attribute allows the user to utilize the dMSA. msds-ManagedAccountPrecededByLink: the attacker needs write access to this attribute, which allows them to specify a user, such as an administrator, that the dMSA can act on behalf of.
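Gordon's point about unmonitored events can be made concrete with the attribute named above. The Python below is an added example, not code from Akamai, Microsoft or this article: it scans exported Security event XML for event ID 5136 (a directory service object was modified) where a value is added to msDS-ManagedAccountPrecededByLink. It assumes Directory Service Changes auditing is enabled on the domain controllers; the sample events, account names and the `expected_actors` allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED_ATTR = "msds-managedaccountprecededbylink"  # attribute named in the article
VALUE_ADDED = "%%14674"  # OperationType code for "Value Added" in event 5136

def _event(event_id, **data):
    """Build a minimal event XML string shaped like an exported Security event."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{fields}</EventData></Event>')

DOM = "DC=example,DC=test"
# Constructed sample events (not real logs); all names are hypothetical.
SAMPLE_EVENTS = [
    _event(5136, SubjectUserName="helpdesk01", ObjectDN=f"CN=svc-new,OU=Temp,{DOM}",
           ObjectClass="msDS-DelegatedManagedServiceAccount",
           AttributeLDAPDisplayName="msDS-ManagedAccountPrecededByLink",
           AttributeValue=f"CN=Administrator,CN=Users,{DOM}", OperationType=VALUE_ADDED),
    _event(5136, SubjectUserName="helpdesk01", ObjectDN=f"CN=jdoe,OU=Staff,{DOM}",
           ObjectClass="user", AttributeLDAPDisplayName="telephoneNumber",
           AttributeValue="555-0100", OperationType=VALUE_ADDED),
    _event(5136, SubjectUserName="migration-admin", ObjectDN=f"CN=svc-sql2,OU=Svc,{DOM}",
           ObjectClass="msDS-DelegatedManagedServiceAccount",
           AttributeLDAPDisplayName="msDS-ManagedAccountPrecededByLink",
           AttributeValue=f"CN=svc-sql,OU=Svc,{DOM}", OperationType=VALUE_ADDED),
    _event(4624, TargetUserName="jdoe"),
]

def find_predecessor_link_writes(xml_events, expected_actors=frozenset()):
    """Return a finding for each 5136 write that adds a predecessor link.

    expected_actors: lowercase account names approved to run dMSA migrations."""
    findings = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "5136":
            continue
        data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
        if (data.get("AttributeLDAPDisplayName", "").lower() != WATCHED_ATTR
                or data.get("OperationType") != VALUE_ADDED):
            continue
        actor = data.get("SubjectUserName", "")
        findings.append({"actor": actor, "dmsa": data.get("ObjectDN", ""),
                         "linked_to": data.get("AttributeValue", ""),
                         "severity": "info" if actor.lower() in expected_actors else "high"})
    return findings

if __name__ == "__main__":
    for f in find_predecessor_link_writes(SAMPLE_EVENTS, {"migration-admin"}):
        print(f)
```

Writes by accounts outside the allowlist are rated high because the linked-to account is the one the dMSA can then act on behalf of.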
All users of Windows Server 2025 are advised to take action and protect against the threat until Microsoft issues a fix.