Latest news with #dMSA


Techday NZ
5 days ago
August Patch Tuesday: Microsoft addressing 111 vulnerabilities
Microsoft is addressing 111 vulnerabilities this August 2025 Patch Tuesday, a volume which is around the recent average. In a neat parallel with last month, Microsoft is aware of public disclosure for a single one of the vulnerabilities published today, and claims no evidence of in-the-wild exploitation. Once again, the lone Patch Tuesday zero-day vulnerability is assessed as only moderate severity at time of publication, which brings Microsoft's lucky streak up to 11 months. Today's release includes the publication of nine critical remote code execution (RCE) vulnerabilities, although Microsoft has only marked one of these as more likely to see exploitation. Eight browser vulnerabilities have already been published separately this month, and are not included in the total.

What do attackers want in a Windows context? Domain admin! When do they want it? Now! Today's lone zero-day vulnerability might be just what they need to break through the final layers of protection and swipe the crown jewels. CVE-2025-53779 is an elevation of privilege (EoP) vulnerability in the Windows implementation of Kerberos, which is enabled via abuse of dMSA configuration. The advisory FAQ provides more clues as to the nature of the attack than many comparable Microsoft advisories, but misses a golden opportunity for clarity, since it never sets out what it means by dMSA, leaving us scouring for contextual clues. Ultimately, we can determine from context that today's hot topic is the Delegated Managed Service Account, rather than the Defender Microservices Architecture or some other piece of Microsoft paraphernalia with matching initials. Microsoft's motivation is unimpeachable: the dMSA supports automated rotation of credentials for service accounts, and is specifically designed to prevent credential harvesting using Kerberoasting. Indeed, CISA has described Kerberoasting as one of the most time-efficient ways to elevate privileges and move laterally throughout an organisation's network.

The good news here is that successful exploitation of CVE-2025-53779 requires an attacker to have pre-existing control of two attributes of the hopefully well-protected dMSA: msds-groupMSAMembership, which determines which users may use credentials for the managed service account, and msds-ManagedAccountPrecededByLink, which contains a list of users on whose behalf the dMSA can act. However, abuse of CVE-2025-53779 is certainly plausible as the final link of a multi-exploit chain which stretches from no access to total pwnage. Finally, it's important to note that Microsoft is only publishing patches for Windows Server 2025, and that's because msds-ManagedAccountPrecededByLink was first implemented in Server 2025. Migrating to newer operating systems sooner rather than later remains good advice, but so is remediation of zero-day vulnerabilities which could give an attacker total control of your estate.

The publication of any pre-authentication RCE in Windows will naturally spark discussion. Of course, not all pre-auth RCEs are created equal, and while CVE-2025-50165 has a hefty CVSSv3 base score of 9.8, and is certainly a cause for concern, it is not the worst of the worst, since it presumably isn't wormable. Despite that, a degree of alarm is amply justified, since the advisory FAQ mentions - twice! - that user interaction isn't required. Exploitation is via a malicious JPEG file, which could be delivered within an Office document or by other means; perhaps even visiting a website would be sufficient, or receiving an email within Outlook, although the advisory doesn't explicitly confirm or deny these other possible attack routes. The malformed JPEG tricks the Windows Graphics Component into code execution via an untrusted pointer dereference. The context of execution isn't specified, so in the standard spirit of caution, we'll assume SYSTEM. This is hardly a new class of problem: we can cast our minds back a dozen years, for instance, and consider the broadly similar MS13-096. However, the specific flaw underlying CVE-2025-50165 is presumably a recent introduction, since only Windows 11 24H2 and Server 2025 receive patches. Patch this one sooner rather than later, since it could provide a skilled attacker with a valuable foothold from which to launch further attacks, including perhaps even today's CVE-2025-53779.

The Windows GDI+ (Graphics Device Interface Plus) is at the centre of how almost all two-dimensional graphics are rendered on Windows assets. CVE-2025-53766 is a critical RCE in how GDI+ interprets metafiles, which are often used to store vector graphics. An attacker can achieve code execution via buffer overflow without privileges or user interaction. As with today's CVE-2025-50165, it's unlikely that this vulnerability could be wormable, but the most alarming path to exploitation involves simply uploading a malicious metafile to a Windows machine running unspecified web services. There is no mention of SharePoint, Exchange, Office, or other non-Windows products in the Security Updates section of the advisory, but that still leaves an essentially limitless potential attack surface; for example, anyone running a custom application offering file uploads could find themselves vulnerable to an attacker wielding a dodgy WMF file. On the bright side, the Preview Pane is not a vector in this case. A patch is available for Server 2008, but not Server 2012, a curious and possibly concerning pattern that we see from time to time with RCEs which affect the full historic range of Windows products.

Today is certainly a good day for fans of critical RCE vulnerabilities which target weaknesses in how Windows interprets graphics. Exploitation of CVE-2025-50176, a flaw in the DirectX graphics kernel, could lead to execution in a kernel context. Microsoft considers exploitation more likely, which may be why the advisory doesn't provide a great deal of information about the means of exploitation, beyond a terse statement that type confusion is involved. Type confusion is where the kernel receives a pointer which it expects to be for one type of object, but is in fact for another, which is a bit like asking someone to read out loud from a restaurant menu, but then handing them their secret diary and hoping they won't notice the difference. Most people will not be fooled, but under the right circumstances, anything is possible.

There are no significant changes to Microsoft product lifecycles this month. However, October will bring a flurry of changes, including the categorical end of support for non-LTSC versions of Windows 10.
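As an added defender-side check, not part of the article above, the following PowerShell lists every dMSA in the domain together with the two attributes the CVE-2025-53779 advisory names, msds-ManagedAccountPrecededByLink and msds-groupMSAMembership, so an administrator can review which accounts each dMSA may act on behalf of and which principals may retrieve its credentials. It assumes the RSAT ActiveDirectory module is installed and that dMSA objects carry the object class msDS-DelegatedManagedServiceAccount.

```powershell
# Added audit example, not from the article: enumerate dMSA objects and report the two
# attributes whose control is a precondition for CVE-2025-53779.
# Assumes the RSAT ActiveDirectory module and a Windows Server 2025 schema.
Import-Module ActiveDirectory

function Get-DmsaAudit {
    $dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
        -Properties 'msDS-ManagedAccountPrecededByLink', 'msDS-GroupMSAMembership', 'whenChanged'

    foreach ($d in $dmsas) {
        # msDS-GroupMSAMembership is a security descriptor; the principals granted
        # access in its DACL are the ones allowed to retrieve the account's password.
        $allowed = @()
        $sd = $d.'msDS-GroupMSAMembership'
        if ($sd -is [byte[]]) {
            # Some tooling returns the raw descriptor; convert it to an object we can read.
            $tmp = New-Object System.DirectoryServices.ActiveDirectorySecurity
            $tmp.SetSecurityDescriptorBinaryForm($sd)
            $sd = $tmp
        }
        if ($sd) {
            $allowed = $sd.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' } |
                ForEach-Object { $_.IdentityReference.Value } |
                Sort-Object -Unique
        }

        [pscustomobject]@{
            dMSA         = $d.DistinguishedName
            # Accounts this dMSA is linked to as a successor (the attribute new in Server 2025).
            PrecededBy   = @($d.'msDS-ManagedAccountPrecededByLink') -join '; '
            AllowedToUse = $allowed -join '; '
            LastChanged  = $d.whenChanged
        }
    }
}

# dMSAs that are linked to a predecessor account are the ones to review first.
Get-DmsaAudit | Where-Object { $_.PrecededBy } | Format-Table -AutoSize
```

Any principal in AllowedToUse that is not the intended host or service, or any unexpected change to these attributes, is worth investigating alongside the patch rollout.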


Business Insider
6 days ago
Nvidia Stock (NVDA) Flattened as European Lawsuit Threatens to Block Sales
U.S. semiconductor giant Nvidia (NVDA) is facing a patent infringement lawsuit which could see some of its products banned in 18 European countries. Nvidia stock was flat in early trading.

Patent Complaint

ParTec AG, which specializes in the development and manufacture of supercomputers for high-performance computing and AI based on its modular high-performance computing (HPC) systems and quantum computers (QC), and its licensing agent BF exaQC, took the action today at the Unified Patent Court in Munich, Germany. The case involves alleged infringement of a ParTec patent covering the arrangement and interaction of CPUs and GPUs in AI supercomputers, and seeks to block sales of Nvidia's DGX products in 18 patent-protected European countries. ParTec said it is also seeking damages and disclosure of past sales related to the accused products. ParTec, along with BF exaQC AG, holds an extensive patent portfolio in the field of supercomputing and microprocessors. A core element of the patent portfolio is the dynamic Modular System Architecture (dMSA) developed and patented by ParTec.

European Supercomputers

Among other things, it can be used to intelligently assign microprocessors of different designs and capabilities, such as CPU and GPU, to each other, even during a calculation. ParTec's dMSA is now used in many of Europe's largest supercomputers and plays an important role in artificial intelligence supercomputers. Bernhard Frohwitter, CEO of ParTec, stated: 'NVIDIA utilizes our patented dMSA technology, which is essential for the operation of a high-performance AI supercomputing infrastructure. The U.S. currently holds a near-monopoly in this area, which places European companies in a highly dependent position, threatening Europe's standing as a high-tech location. We cannot accept our technology's usage while our rights assertion blocks collaboration.' As seen above, legal and regulatory risks are key for Nvidia stock and its investors.

Is NVDA a Good Stock to Buy Now?

On TipRanks, NVDA has a Strong Buy consensus based on 35 Buy, 3 Hold and 1 Sell ratings. Its highest price target is $250. NVDA stock's consensus price target is $187.57, implying a 2.73% upside.


Techday NZ
16-07-2025
Golden dMSA flaw in Windows Server 2025 exposes Active Directory
Security researchers have identified a critical flaw in delegated Managed Service Accounts (dMSA) within Windows Server 2025 that could allow attackers to maintain persistent and widespread access across Active Directory environments.

Flaw found in dMSA

The vulnerability, uncovered by Semperis security researcher Adi Malyanker, has been termed the Golden dMSA attack. It takes advantage of a design issue in dMSAs, a security feature first introduced in Windows Server 2025, which can be misused by bad actors to gain ongoing access and elevate privileges across domains after compromising a forest-level account. Malyanker developed a tool named GoldenDMSA to demonstrate and analyse the technique, enabling security practitioners to examine in detail how the attack could be executed in operational networks. The research shows that the attack leverages a predictable element within the ManagedPasswordId structure of dMSAs. This identifier includes time-based components that, according to Semperis, present only 1,024 possible combinations. This low number of possibilities makes brute-force attacks on service account passwords computationally straightforward, potentially enabling a threat actor not only to persist in an Active Directory environment but also to move laterally across domains.

"Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments. I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organisations should proactively assess their systems to stay ahead of this emerging threat," said Malyanker.

Risk assessment and implications

Semperis has rated the risk associated with the Golden dMSA technique as moderate. However, the researchers warn that in cases where an attacker achieves initial forest-level compromise, the method could make it possible to completely take over dMSA or Group Managed Service Account (gMSA) environments. Successful exploitation would allow attackers to maintain control without detection for extended periods, posing a severe threat to corporate and governmental IT infrastructure. The potential for widespread, persistent access stems from the architectural flaw in how dMSA passwords are generated and managed. By exploiting the weak cryptographic and structural protections, attackers could automate the generation of valid account credentials for managed service accounts, undermining protections intended to secure critical identity services.

Recent related work

The Golden dMSA research builds on previous work by Semperis in the field of identity threat detection. The group has reported on other vulnerabilities, such as nOauth, which affects Microsoft's Entra ID and may permit full account takeover in software-as-a-service applications. Semperis has also implemented detection features in its Directory Services Protector platform to defend against BadSuccessor, another high-impact privilege escalation technique that targets a recently introduced functionality in Windows Server 2025. This comes in addition to the Silver SAML vulnerability discovered by the team, a new variant related to Golden SAML attacks from the SolarWinds incident, which can bypass conventional security measures in Entra ID-integrated applications.

Recommendations and industry impact

The research underscores the need for organisations using Windows Server 2025 and managed service accounts to carry out active risk assessments and update their security controls. Attackers exploiting weaknesses in dMSA structures could not only remain undetected but also have unrestricted access to valuable resources across a company's entire digital estate. Industry observers and IT departments are expected to analyse the implications of the flaw, explore mitigation options, and consider how tools such as GoldenDMSA can be used by defenders to better understand and counteract these attack vectors. The ability to simulate attacks is viewed as a vital capability for defenders and researchers, supporting a more robust defensive posture against evolving identity-based threats.