New Windows Server 2025 Attack Compromises Any Active Directory User

Forbes, 21-05-2025

New Windows Server 2025 vulnerability confirmed.
Although you are far more likely to read about vulnerabilities impacting the Windows operating system, including those that have long since reached end-of-support status such as Windows 7, this doesn't mean that Windows Server users are not in the crosshairs of threat actors. Far from it, and not just legacy versions either, as security researchers reveal a new, and trivial to implement, Windows Server 2025 vulnerability that could compromise any Active Directory user. Here's what you need to know.
Privilege escalation vulnerabilities are among the worst you can be faced with, as, rather obviously, they enable a successful attacker to do way more than they should be able to given the lack of permissions they started with. Yuval Gordon, a senior security researcher at Akamai Technologies, has exclusively shared details of a particularly concerning privilege escalation vulnerability impacting Windows Server 2025. Not only because, as Gordon explained, it allows an attacker to 'compromise any user in Active Directory,' but also as it 'works with the default configuration, and is trivial to implement.' If you thought things couldn't get any worse, you'd be wrong: no patch is currently available.
Akamai has named the vulnerability and associated exploit BadSuccessor, and confirmed that it abuses the delegated Managed Service Account (dMSA) feature introduced with Windows Server 2025. 'In 91% of the environments we examined,' Gordon said, 'we found users outside the domain admins group that had the required permissions to perform this attack.' BadSuccessor might be trivial to implement, but the consequences of a successful attack are far from trivial.
[Figure: Full attack flow, showing all steps needed to have a BadSuccessor.]
A key feature of dMSA is the ability to migrate existing and non-managed service accounts by seamlessly converting them into dMSAs, and it's this that is the issue. 'By abusing dMSAs, attackers can take over any principal in the domain,' Gordon said. All an attacker needs to be able to exploit the BadSuccessor vulnerability is a seemingly benign permission on any organizational unit in the domain. Here's the real killer though: as long as you have one Windows Server 2025 domain controller, your domain doesn't even need to be using dMSAs at all, the exploit will work anyway.
I would advise every Windows Server administrator to read the full report in its entirety, and as a matter of some urgency. In the meantime, I spoke with Yuval Gordon, who reiterated that BadSuccessor is not only 'so dangerous because the attack is so simple,' but added that Akamai researchers were 'surprised that we were first to discover it.' The only good news, such as it is, would be that there is no evidence to conclusively show that BadSuccessor has been exploited by attackers in the wild at this point, but given that 'most organisations aren't currently monitoring the relevant events,' Gordon said it's hard to say for certain.
Gordon recommended that organizations and admins identify which users have the specific permissions that make this attack possible, and, having done so, review and remove unnecessary permissions. 'We're releasing a PowerShell script alongside the blog post to help with that,' Gordon told me, so that would be a good starting point. 'It highlights exactly which users have risky access so defenders know where to focus,' Gordon concluded.
I reached out to Microsoft for a statement, and a spokesman said: 'We appreciate Akamai for identifying and responsibly reporting this issue. After careful investigation, this case was rated as a Moderate severity that does not meet our bar for immediate servicing, as the technique requires elevated user permissions to be successful. We will look to address this issue in a future update.'
Microsoft also said that for BadSuccessor to be successful, an attacker would require access to the msds-groupMSAMembership attribute of the dMSA. This attribute allows the user to utilize the dMSA. As for msds-ManagedAccountPrecededByLink, the attacker needs write access to this attribute, which allows them to specify a user, such as an administrator, that the dMSA can act on behalf of.
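As an added illustration of the permission review Gordon recommends, the PowerShell below is not Akamai's script and is not part of the original article. It walks every organizational unit in the domain and every existing dMSA object and lists the non-privileged principals whose ACEs match the rights the article describes: the ability to create child objects under an OU, and write access to msDS-groupMSAMembership or msDS-ManagedAccountPrecededByLink (or broader rights such as GenericAll, WriteDacl or WriteOwner) on a dMSA. It assumes the RSAT ActiveDirectory module, a forest schema at the Windows Server 2025 level, and, an assumption the article does not state, that dMSA objects use the object class msDS-DelegatedManagedServiceAccount. Attribute GUIDs are resolved from the schema at run time rather than hard-coded.

```powershell
# Added example: not Akamai's script and not from the Forbes article.
# Assumes RSAT ActiveDirectory, a Windows Server 2025 schema, and (assumption)
# that dMSAs use the object class msDS-DelegatedManagedServiceAccount.
using namespace System.DirectoryServices
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext
$domainDN = $rootDse.defaultNamingContext

# schemaIDGUID -> lDAPDisplayName map, so ACE object types can be named without hard-coded GUIDs.
$schemaNames = @{}
Get-ADObject -SearchBase $schemaNC -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $schemaNames[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

# The two dMSA attributes named in Microsoft's statement.
$sensitiveAttrs = @('msDS-groupMSAMembership', 'msDS-ManagedAccountPrecededByLink')
$sensitiveGuids = @($schemaNames.GetEnumerator() | Where-Object { $sensitiveAttrs -contains $_.Value } | ForEach-Object { $_.Key })
if ($sensitiveGuids.Count -ne 2) { throw 'dMSA attributes not found; is the forest schema at the Windows Server 2025 level?' }

# Principals expected to hold these rights; extend the list to fit your environment.
$netbios = (Get-ADDomain).NetBIOSName
$ignoredIdentities = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\SELF', 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators', "$netbios\Domain Admins", "$netbios\Enterprise Admins"
)

function Resolve-ObjectType([guid]$Guid) {
    # An empty ObjectType means the ACE applies to every attribute / object class.
    if ($Guid -eq [guid]::Empty) { return 'all' }
    if ($schemaNames.ContainsKey($Guid)) { return $schemaNames[$Guid] }
    return $Guid.ToString()
}

function New-Finding($Object, $Ace) {
    [pscustomobject]@{
        Object    = $Object
        Identity  = $Ace.IdentityReference.Value
        Rights    = $Ace.ActiveDirectoryRights.ToString()
        AppliesTo = Resolve-ObjectType $Ace.ObjectType
        Inherited = $Ace.IsInherited
    }
}

# OUs: anyone who can create child objects (or rewrite the DACL / take ownership) is of interest.
function Get-RiskyOuAces {
    $findings = @()
    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $domainDN) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ignoredIdentities -contains $ace.IdentityReference.Value) { continue }
            $rights = $ace.ActiveDirectoryRights
            $risky = $rights.HasFlag([ActiveDirectoryRights]::CreateChild) -or
                     $rights.HasFlag([ActiveDirectoryRights]::WriteDacl) -or
                     $rights.HasFlag([ActiveDirectoryRights]::WriteOwner)
            if ($risky) { $findings += New-Finding $ou.DistinguishedName $ace }
        }
    }
    return $findings
}

# Existing dMSAs: anyone who can write the two sensitive attributes, or holds broader rights.
function Get-RiskyDmsaAces {
    $findings = @()
    $dmsas = Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' -SearchBase $domainDN
    foreach ($dmsa in $dmsas) {
        $acl = Get-Acl -Path "AD:\$($dmsa.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ignoredIdentities -contains $ace.IdentityReference.Value) { continue }
            $rights = $ace.ActiveDirectoryRights
            $broad = $rights.HasFlag([ActiveDirectoryRights]::GenericAll) -or
                     $rights.HasFlag([ActiveDirectoryRights]::GenericWrite) -or
                     $rights.HasFlag([ActiveDirectoryRights]::WriteDacl) -or
                     $rights.HasFlag([ActiveDirectoryRights]::WriteOwner)
            # WriteProperty with an empty ObjectType covers every attribute, including the two above.
            $writesLink = $rights.HasFlag([ActiveDirectoryRights]::WriteProperty) -and
                          ($ace.ObjectType -eq [guid]::Empty -or $sensitiveGuids -contains $ace.ObjectType)
            if ($broad -or $writesLink) { $findings += New-Finding $dmsa.DistinguishedName $ace }
        }
    }
    return $findings
}

@(Get-RiskyOuAces) + @(Get-RiskyDmsaAces) | Sort-Object Identity, Object | Format-Table -AutoSize
```

The output is a review list, not a verdict: the AppliesTo column tells you whether an OU grant is limited to one object class or applies to all child objects, and Inherited tells you where to look for the ACE that needs trimming. Treat it as a starting point for the permission clean-up the article describes, and use Akamai's own script as the authoritative check.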
All users of Windows Server 2025 are advised to take action and protect against the threat until Microsoft issues a fix.