CyberSecurity news


info@thehackernews.com (The Hacker News) //
A critical privilege escalation vulnerability has been discovered in the delegated Managed Service Account (dMSA) feature of Windows Server 2025's Active Directory. This flaw, dubbed "BadSuccessor," allows attackers with minimal permissions, specifically the ability to create objects inside an Active Directory organizational unit, to gain control over any user in the Active Directory domain, including Domain Admins. The vulnerability stems from improper permission handling during dMSA migration, where unauthorized users can simulate a migration process and inherit permissions of other accounts, even those with Domain Admin privileges. Security researchers have detailed that only write permissions over the attributes of a dMSA are required to execute this attack.

Microsoft has acknowledged the "BadSuccessor" issue in Windows Server 2025 but has rated it as moderate severity, sparking disagreement from security researchers who believe it poses a significant risk. Currently, there is no official patch available from Microsoft to address this vulnerability. This lack of an immediate patch has led security firms such as Akamai to document the privilege escalation flaw, emphasizing the potential for attackers to fully compromise an Active Directory domain by exploiting the dMSA feature. Akamai researchers found that in 91% of the environments they examined, users outside the domain admins group had the required permissions to perform this attack.

Organizations utilizing Active Directory are strongly advised to be aware of this vulnerability and actively monitor for suspicious activity related to dMSA objects. Security researchers are suggesting workarounds to mitigate the risk until Microsoft releases a formal patch. The core of the attack involves abusing the dMSA feature to elevate privileges, highlighting the importance of carefully reviewing and restricting permissions related to dMSA creation and management. Furthermore, the discovery of this vulnerability emphasizes the need for organizations to stay informed about the latest security research and apply necessary security measures to protect their Active Directory environments.
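
One way to carry out the permission review described above, as an added example (not code from the article, Akamai, or Microsoft): a read-only PowerShell audit that lists principals outside the default admin groups who can create dMSA objects in an OU, or who can grant themselves that right. It assumes the RSAT ActiveDirectory module, read access to OU security descriptors, and that the dMSA schema class is named `msDS-DelegatedManagedServiceAccount`; the list of expected principals is a starting point to adapt.

```powershell
# Added example: report who can create dMSA objects in each OU (read-only audit).
# Assumes the RSAT ActiveDirectory module and rights to read OU security descriptors.
Import-Module ActiveDirectory

# Look up the dMSA class GUID in the schema rather than hard-coding it.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$dmsaClass = Get-ADObject -SearchBase $schemaNC -Properties schemaIDGUID `
    -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)'
if (-not $dmsaClass) { throw 'dMSA class not found in the schema.' }
$dmsaGuid = [guid]::new([byte[]]$dmsaClass.schemaIDGUID)

# Principals expected to hold these rights: SYSTEM, BUILTIN\Administrators,
# Domain Admins (RID 512), Enterprise Admins (RID 519). Extend for your tiering model.
$expected = '^(S-1-5-18|S-1-5-32-544|S-1-5-21-.+-(512|519))$'

$AD      = [System.DirectoryServices.ActiveDirectoryRights]
$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

$findings = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($sid -match $expected) { continue }

        $r = $ace.ActiveDirectoryRights
        # CreateChild (also part of GenericAll) counts when the ACE covers
        # every child class or names the dMSA class specifically.
        $canCreate = ($r -band $AD::CreateChild) -and
                     ($ace.ObjectType -eq [guid]::Empty -or $ace.ObjectType -eq $dmsaGuid)
        # WriteDacl / WriteOwner let the holder grant CreateChild to themselves.
        $canGrant  = [bool]($r -band ($AD::WriteDacl -bor $AD::WriteOwner))

        if ($canCreate -or $canGrant) {
            # Show a readable name when the SID resolves, otherwise the raw SID.
            $name = try { $ace.IdentityReference.Translate($ntType).Value } catch { $sid }
            [pscustomobject]@{ OU = $ou.DistinguishedName; Principal = $name
                               Rights = $r; Inherited = $ace.IsInherited }
        }
    }
}

$findings | Sort-Object OU, Principal | Format-Table -AutoSize -Wrap
```

The report over-approximates: it does not evaluate deny ACEs, inheritance-only flags, or object ownership, so treat each row as a delegation to review rather than a confirmed exposure.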



Classification:
  • HashTags: #ActiveDirectory #dMSA #PrivEscalation
  • Company: Microsoft
  • Target: Active Directory Users
  • Attacker: Akamai Researcher
  • Product: Active Directory
  • Feature: Privilege Escalation
  • Malware: BadSuccessor
  • Type: Vulnerability
  • Severity: Major