Latest news with #WindowsServer2025
Forbes
21-05-2025
- Forbes
New Windows Server 2025 Attack Compromises Any Active Directory User
New Windows Server 2025 vulnerability confirmed. Although you are far more likely to read about vulnerabilities impacting the Windows operating system, including those that have long since reached end-of-support status such as Windows 7, this doesn't mean that Windows Server users are not in the crosshairs of threat actors. Far from it, and not just legacy versions either, as security researchers reveal a new, and trivial to implement, Windows Server 2025 vulnerability that could compromise any Active Directory user. Here's what you need to know. Privilege escalation vulnerabilities are among the worst you can be faced with, as, rather obviously, they enable a successful attacker to do way more than they should be able to given the lack of permissions they started with. Yuval Gordon, a senior security researcher at Akamai Technologies, has exclusively shared details of a particularly concerning privilege escalation vulnerability impacting Windows Server 2025. Not only because, as Gordon explained, it allows an attacker to 'compromise any user in Active Directory,' but also as it 'works with the default configuration, and is trivial to implement.' If you thought things couldn't get any worse, you'd be wrong: no patch is currently available. Akamai has named the vulnerability and associated exploit as BadSuccessor, and confirmed that it abuses the delegated Managed Service Account feature introduced with Windows Server 2025. 'In 91% of the environments we examined,' Gordon said, 'we found users outside the domain admins group that had the required permissions to perform this attack.' BadSuccessor might be trivial to implement, but the consequences of a successful attack are far from the same. Full attack flow, showing all steps needed to have a BadSuccessor. A key feature of dMSA is the ability to migrate existing and non-managed service accounts by seamlessly converting them into dMSAs, and it's this that is the issue. 'By abusing dMSAs, attackers can take over any principal in the domain,' Gordon said. All an attacker needs to be able to exploit the BadSuccessor vulnerability is a seemingly benign permission on any organizational unit in the domain. Here's the real killer though: as long as you have one Windows Server 2025 domain controller, your domain doesn't even need to be using dMSAs at all, the exploit will work anyway. I would advise every Windows Server administrator to read the full report in its entirety, and as a matter of some urgency. In the meantime, I spoke with Yuval Gordon who reiterated that BadSuccessor is not only 'so dangerous because the attack is so simple,' but added that Akamai researchers were 'surprised that we were first to discover it.' The only good news, such as it is, would be that there is no evidence to conclusively show that BadSuccessor has been exploited by attackers in the wild at this point, but given that 'most organisations aren't currently monitoring the relevant events,' Gordon said it's hard to say for certain . Gordon recommended that organizations and admins need to identify which users have the specific permissions that make this attack possible, and, having done so, review and remove unnecessary permissions. 'We're releasing a PowerShell script alongside the blog post to help with that,' Gordon told me, so that would be a good starting point. 'It highlights exactly which users have risky access so defenders know where to focus,' Gordon concluded. I reached out to Microsoft for a statement, and a spokesman said: 'We appreciate Akamai for identifying and responsibly reporting this issue. After careful investigation, this case was rated as a Moderate severity that does not meet our bar for immediate servicing, as the technique requires elevated user permissions to be successful. We will look to address this issue in a future update.' Microsoft also said that for BadSuccessor to be successful, an attacker would require access to the msds-groupMSAMembership attribute of the dMSA. This attribute allows the user to utilize the The attacker needs write access to this attribute, which allows them to specify a user, such as an administrator, that the dMSA can act on behalf of. All users of Windows Server 2025 are advised to take action and protect against the threat until Microsoft issues a fix.
Associated Press
13-05-2025
- Business
- Associated Press
Technical Research Report: Analyzing the Benefits of Windows Server® 2025 OEM Licensing and Dell™ PowerEdge™ R770 Servers
Bellevue, WA May 12, 2025 --( )-- A total cost of ownership (TCO) study conducted by Prowess Consulting reveals that the Windows Server® 2025 OEM license that comes preinstalled on Dell™ PowerEdge™ R770 servers delivers significant savings in both capital expenditures (CapEx) and operating expenses (OpEx) compared to a traditional volume-licensed, manually installed version.* Additional benefits of Windows Server 2025 include enhanced security capabilities, with multi-layered security rooted in hardware, in addition to hotpatching updates. To investigate how Windows Server 2025 can help small to medium-sized businesses (SMBs) address today's business and operational challenges, Prowess Consulting compared the benefits of Windows Server 2025 OEM licensing preinstalled on PowerEdge R770 servers to traditional, manually installed volume licensing. They also examined the new and enhanced capabilities of Windows Server 2025 versus Windows Server 2022. The study's results indicate that the latest version of Windows Server with OEM licensing can help SMBs modernize infrastructure, significantly lower TCO, protect against cyber threats, and meet regulatory requirements. 'Standardizing server environments with Windows Server 2025 OEM licensing preinstalled on PowerEdge R770 servers can significantly lower TCO,' says Ben Fuller, Prowess Consulting Account Director. 'Compared to traditional volume licensing, OEM licensing costs less, streamlines software procurement, reduces manual intervention, accelerates server deployment, and significantly lowers CapEx and OpEx.' Windows Server 2025 installed on PowerEdge R770 servers enables SMBs to adopt a zero-trust security model rooted in hardware. Multi-layered, hardware-enforced, and automated security features like hotpatching enhance an organization's security strategy without requiring specialized expertise. Other future-ready enhancements help boost AI and machine learning (ML) performance, scale infrastructure from edge to cloud, improve operational efficiency, and streamline DevOps. Particularly of benefit for organizations with limited IT resources is the OEM licensing's technical support package, which is superior to that of traditional licensing. To learn more about the benefits of deploying a Windows Server 2025 OEM license preinstalled on a Dell PowerEdge R770 server, visit to view the full technical research report, research abstract, methodology, and infographic. To learn more about Microsoft OEM software solutions from Dell Technologies, visit *The analysis and reporting were done by Prowess Consulting and commissioned by Dell Technologies. About Prowess Consulting Prowess Consulting has partnered with technology innovators for more than 20 years, delivering trusted, high-quality solutions and strategic expertise to support their growth and operations. Prowess Consulting is located in Bellevue, Washington, USA. For more information, visit Contact Information: Prowess Consulting Ben Fuller 206-443-1117 Contact via Email Read the full story here: Technical Research Report: Analyzing the Benefits of Windows Server® 2025 OEM Licensing and Dell™ PowerEdge™ R770 Servers Press Release Distributed by
Forbes
29-04-2025
- Forbes
New Windows 7 And Windows Server 2008 Security Updates Confirmed
Windows 7 users get good security update news. NurPhoto via Getty Images Security updates are very much in the news at the moment, what with a no-reboot patching feature for Windows 11 and Microsoft's announcement that hotpatching will cost at least $1.50 per core for Windows Server 2025 users. Yet, with hundreds of security vulnerabilities being uncovered that impact Windows users, and cybercriminals evolving to strike at record speed, the matter of keeping on top of security updates has never been more vital. Unless you are a user of a Windows platform that has reached end-of-support status, such as Windows 7 or Windows Server 2008 R2, for example. There simply are no security patches available for these two platforms. Or are there? I have some good news for you if you just can't bear to part ways with your favourite Windows computer. The secret to the continuing availability of security patches to protect your systems if you are a hardened Windows 7 or Windows Server 2008 R2 user has been hinted at in a number of my articles. On March 27, I reported how a zero-day vulnerability impacting everything from Windows 7 and Server 2008 R2 to the latest Windows 11 v24H2 and Server 2025 could be mitigated even though Microsoft didn't have any official patch at the time. Back on Dec 7, 2024, I reported how another zero-day, impacting all Windows users, could be fixed using the same method. Those fixes came by way of a micro patching service called 0patch — the same service that can now save you if you want to keep your legacy Windows systems alive and protected. 0patch addresses the vulnerability gap between zero-days being discovered and any official patch being released. It does this by providing what it refers to as micro patches, much like the subscription fee incurring Windows Server 2025 hot patch system. These work by applying the fix in memory without disturbing the process itself and without requiring any reboots. Posting to X, formerly known as Twitter, on April 29, Mitja Kolsek, the CEO of ACROS Security, the company behind 0patch, said: 'Due to (wow!) growing demand, we've decided to extend support for Windows 7 and Windows Server 2008 R2 with security patches for another year (Jan/2027). Reminder: our security patches are the only security patches existing for these Windows versions.' Wow, indeed. So, if you are a user of either platform, now is the time to reach out and get those micro patch security updates to protect your systems and your data. You only have one other choice, it would seem, and that's to remain at risk of attack.
Forbes
29-04-2025
- Forbes
Microsoft Confirms $1.50 Windows Security Update Hotpatch Fee Starts July 1
Would you pay for no-reboot Windows security updates? Update, April 29, 2025: This story, originally published April 28, has been updated with further information regarding the paid for hotpatching security update service that will cost Windows Server 2025 users $1.50 per core from July 1. When it comes to security updates, those that fix vulnerabilities in an operating system used by billions are high on the mandatory agenda. Which is why it has not been the greatest month for Microsoft, what with the online furor after a recent Windows security patch added a mysterious folder, without any explanation. Social media 'experts' advised users to delete it, only for Microsoft to issue an advisory warning that would leave them open to attack. That update, and the installation of the inetpub folder, has now been shown to actually open the path to a different Windows hack attack. Now the whole Windows security update business has another contentious issue to deal with: charging a monthly subscription to receive no-reboot security 'hotpatch' updates. As I reported April 14, Microsoft is moving toward a time whereby a hotpatching function would negate the need to reboot your Windows system following a security update. The no-reboot security fixes would download and install in the background, deployed within the in-memory code of already running processes. That report was concerning the feature coming to users of a very specific version of Windows 11: Windows 11 Enterprise, version 24H2 for x64 (AMD/Intel) CPU device users running Microsoft Intune for deployment. Now, Janine Patrick, Windows Server product marketing manager, and Artem Pronichkin, a senior program manager at Microsoft, have confirmed that the hotpatch system for Windows Server 2025, comes out of preview mode on July 1. Microsoft has said that hotpatching brings a number of important benefits to the security update process. Not least that there will be higher availability with fewer reboots required, and that's no bad thing in anyone's book. Updates will be faster to deploy as they will arrive in much smaller packages that install quickly and, Microsoft pointed out, have easier patch orchestration with the optional Azure Update Manager. Finally, and most important as far as I am concerned, is the fact that because there is no rebooting required, the windows of vulnerability, that period between a vulnerability becoming known and getting patched, so leaving it open to exploit by attackers, closes sooner. This is particularly of note, Microsoft said, 'if an administrator might normally delay an update and restart after a Windows security update is released.' Microsoft has said that the Windows Server 2025 hotpatching feature, which has been available in preview mode since 2024, will become a subscription-only service from July 1. So, who has to pay the fee? Well, first things first, to be able to run the no-reboot hotpatch security updates feature, Microsoft said that you will need to be using 'Windows Server 2025 Standard or Datacenter, and your server must be connected to Azure Arc.' The important and controversial bit quickly followed: 'You will also need to subscribe to the Hotpatch service.' Although hotpatching has been available for the longest time for Windows Server Datacenter: Azure Edition, and it will continue without charge, these security updates for Windows Server 2025 users will cost $1.50 per CPU core per month. Yes, you read that right, per core. 'With hotpatching,' Microsoft said, 'you will still need to restart your Windows Servers about four times yearly for baseline updates, but hotpatching can save significant time and ease the inconvenience of a traditional Patch Tuesday.' Only you can decide if it is for you, and the service is entirely optional.
Time of India
28-04-2025
- Time of India
Microsoft's hotpatching feature for Windows security update is no longer free! Get ready to pay $1.50 from July 1
If you hate waiting for your device to reboot after installing any update, you might have heard about the hotpatching feature by now. Microsoft provided a free hotpatching feature in preview mode till now. However, that is going to change as the tech giant has confirmed that hotpatching for its much-hyped Windows Server 2025 operating system, which was made available in preview mode last year, is all set to become a paid subscription service starting July 1, 2025. #Pahalgam Terrorist Attack India stares at a 'water bomb' threat as it freezes Indus Treaty India readies short, mid & long-term Indus River plans Shehbaz Sharif calls India's stand "worn-out narrative" The news was shared by Windows Server product marketing manager Janine Patrick and senior program manager Artem Pronichkin in a blog on April 24. Hotpatching: How does it work? As per the tech giant, Windows Server 2025 has an all new way to install updates through hotpatching. This takes away the need to reboot the users' devices post the completion of the installation of an update. The feature was made possible by patching in-memory code of processes that are already running, avoiding the need to restart the system. GIF89a����!�,D; 5 5 Next Stay Playback speed 1x Normal Back 0.25x 0.5x 1x Normal 1.5x 2x 5 5 / Skip Ads by by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like The cost of hearing aids in Naroda might surprise you! Learn More Undo In an earlier report, Forbes stated that this feature was for users of Windows 11, especially for Windows 11 Enterprise (version 24H2). Also Read : Canada Elections 2025 results: What will US, China gain from polls? Live Events Hotpatching: Subscription price and key requirements In order to use the hotpatching feature, users must have 'Windows Server 2025 Standard or Datacenter', while they need to ensure that their server remains connected to Azure Arc. Apart from this, people will also need to take a paid subscription of the Hotpatch service, the company said. For now, this service is available to users at no additional charges on preview mode. However, this changes from July onwards when a subscription fee will be launched. Post that, hotpatching for Windows Server 2025 users will be made available at a cost of "$1.50 per CPU core per month," the blog added. For years, hotpatching has remained available for the users of Windows Server Datacenter: Azure Edition. It is accessible to them without any extra charge. Hotpatching benefits In simple terms, this provides an all-new way to users for installing their crucial updates in the Windows Server 2025. In this, people will not be required to reboot their devices after installation. This ensures fast deployment of updates to the devices, since these packages are smaller in size and get installed quickly, Microsoft said. Thanks to the availability of Azure Update Manager , this has easier patch orchestration. To install baseline updates, users will still be required to restart the devices for about four times on an yearly basis. The need to roll a subscription fee comes after a mysterious 'inetpub' folder got added to devices after users installed a Windows security patch, leading to major social media outrage. As per reports, the company later advised users to avoid deleting the same. Also Read : Golden retrievers or labradors: Planning to adopt a dog? Check which breed will be suitable for you FAQs 1. How to enable hotpatching? Connect your server to Azure Arc and sign into the Azure Portal. Visit the Azure Update Manager and open the Azure Arc-enabled server option to select hotpatching. 2. What to do if you have selected to try the hotpatching service through Azure Arc in preview? Such Windows Server 2025 users will have to disenroll latest by June 30 to end the preview, otherwise their subscription starts automatically from July 2025.
