Tuesday, 17 June 2025
26.8 C
Singapore
28.1 C
Thailand
20.4 C
Indonesia
27.8 C
Philippines

Semperis and Akamai address critical Active Directory flaw in Windows Server 2025

Semperis and Akamai introduce new detection tools to counter a critical Windows Server 2025 vulnerability affecting Active Directory security.

Semperis has announced new detection features in its Directory Services Protector (DSP) platform to guard against a critical security flaw in Windows Server 2025. The vulnerability, known as “BadSuccessor,” allows attackers to escalate privileges by exploiting a new feature called delegated Managed Service Accounts (dMSAs).

The update was developed in collaboration with Akamai, whose research team first uncovered the flaw. With no official patch currently available, these new capabilities offer a practical way for organisations to monitor and detect suspicious activity before a compromise can take place.

Exposing a flaw in service account delegation

The BadSuccessor vulnerability targets dMSAs, a feature introduced in Windows Server 2025 intended to strengthen service account security. However, Akamai researchers discovered that attackers can exploit dMSAs to impersonate high-privilege Active Directory users, including Domain Admins. This can be done without triggering alerts and without requiring an available patch.

The flaw highlights a broader issue in enterprise identity security: poor governance of service accounts. These accounts are often configured with excessive privileges or left unmonitored, giving attackers a hidden path to escalate access and move laterally across networks.

“The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call,” said Yuval Gordon, Security Researcher at Akamai. “Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact.”

New detection features added to Semperis DSP

In response to the vulnerability, Semperis has introduced one new Indicator of Exposure (IOE) and three Indicators of Compromise (IOCs) to its DSP platform. These updates are designed to help security teams identify abnormal behaviour linked to dMSAs.

The indicators focus on detecting excessive delegation rights, suspicious associations between dMSAs and privileged accounts, and attempts to manipulate sensitive accounts such as KRBTGT, which handles authentication tickets in Active Directory.

Tomer Nahum, Security Researcher at Semperis, said, “Service accounts remain one of the least governed yet most powerful assets in enterprise environments. This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit.”

Call for proactive defence until a patch is available

The vulnerability affects any organisation running at least one domain controller on Windows Server 2025. Even a single misconfigured server could expose the entire environment to risk. While Microsoft has not yet issued a fix, Semperis and Akamai are urging organisations to take immediate action.

Until a patch is released, businesses are advised to audit their dMSA configurations and use updated detection platforms such as Semperis DSP to monitor for signs of misuse. The swift collaboration between security vendors and researchers is seen as a positive step in addressing identity-based threats before they cause widespread damage.

Hot this week

Building future-ready B2B teams through AI innovation

How B2B teams across APAC can build the skills and mindset needed to stay competitive in a fast-changing AI-driven business world.

Apple’s visionOS 26 brings spatial widgets, lifelike avatars, and shared experiences

Apple’s visionOS 26 update brings spatial widgets, improved avatars, and shared headset experiences for a more immersive digital world.

Apple unveils macOS Tahoe with smarter tools and a new look

Apple reveals macOS Tahoe, which will be released this autumn and feature a fresh design, iPhone link upgrades, and smarter Spotlight tools.

OpenAI says it now earns US$10 billion a year in revenue

OpenAI says its yearly revenue is now US$10B, doubling last year’s total, and its AI tools are used by over 500 million users and 3 million businesses.

Coco Robotics secures US$80 million to expand delivery robot services

Coco Robotics raises US$80M to expand its eco-friendly delivery robots. It is backed by Sam Altman and partnered with OpenAI for real-world AI training.

Take control of your health with the new Galaxy Watch features

Samsung’s new Galaxy Watch will guide your sleep, track antioxidants, and offer a personalised running coach to support your wellness journey.

Meta brings sponsored content to WhatsApp

WhatsApp shows ads in the Status feature and promoted channels, but your private chats and messages will stay ad-free.

Anker recalls over 1.1 million power banks due to fire risk: Check if yours is one of them

Anker is recalling over 1.1 million PowerCore power banks due to fire risks. Check your model number and serial number to stay safe.

Nubia introduces Pad Pro to shake up Android tablet market with low price and high specs

Nubia Pad Pro launches globally with powerful specs, a sleek design, and a low starting price of US$419, rivalling big-name Android tablets.

Related Articles

Popular Categories