A privilege escalation vulnerability has been uncovered in Windows Server 2025 that enables attackers to compromise any user within Active Directory (AD). This flaw revolves around the use of Delegated Managed Service Accounts (dMSA), a feature introduced to improve security against Kerberoasting attacks. Research indicates that many organizations misconfigure dMSA settings, inadvertently allowing users not in the domain admins group to exploit this vulnerability. The attack, referred to as BadSuccessor, has raised significant concerns for AD environments, highlighting the need for better security practices in the implementation of dMSAs.
dMSA allows users to create them as a standalone account, or to replace an existing standard service account. When a dMSA supersedes an existing account, authentication...
Collection
[
|
...
]