Windows Server 2025 Flaw: BadSuccessor Attack Leaves Active Directory Users Vulnerable
Windows Server 2025 has a critical flaw that allows attackers to compromise Active Directory users via the BadSuccessor attack. Discovered by Akamai, the vulnerability lets attackers exploit the delegated Managed Service Account (dMSA) feature to gain unauthorized access. With no patch in sight, organizations must act swiftly to mitigate potential security risks.

Hot Take:
Windows Server 2025 may have just ordered a one-way ticket to the Vulnerability Hall of Shame. Thanks to the newfound BadSuccessor attack, Active Directory users could be compromised faster than you can say “delegated Managed Service Accounts.” With no immediate patch in sight, organizations should probably start practicing their best “freak-out” faces, because this flaw isn’t going anywhere soon.
Key Points:
- The BadSuccessor attack can escalate privileges by exploiting the dMSA feature in Windows Server 2025.
- Attackers can gain the permissions of any Active Directory user, including highly privileged accounts.
- 91% of tested environments were susceptible to this vulnerability, even for users outside the Domain Admins group.
- There is no immediate patch from Microsoft; the vulnerability is rated Moderate severity.
- Organizations are advised to monitor dMSA objects and review permissions to mitigate risks.