Thursday, 31 July 2025
28 C
Singapore
28.9 C
Thailand
20.9 C
Indonesia
28.4 C
Philippines

Semperis and Akamai address critical Active Directory flaw in Windows Server 2025

Semperis and Akamai introduce new detection tools to counter a critical Windows Server 2025 vulnerability affecting Active Directory security.

Semperis has announced new detection features in its Directory Services Protector (DSP) platform to guard against a critical security flaw in Windows Server 2025. The vulnerability, known as “BadSuccessor,” allows attackers to escalate privileges by exploiting a new feature called delegated Managed Service Accounts (dMSAs).

The update was developed in collaboration with Akamai, whose research team first uncovered the flaw. With no official patch currently available, these new capabilities offer a practical way for organisations to monitor and detect suspicious activity before a compromise can take place.

Exposing a flaw in service account delegation

The BadSuccessor vulnerability targets dMSAs, a feature introduced in Windows Server 2025 intended to strengthen service account security. However, Akamai researchers discovered that attackers can exploit dMSAs to impersonate high-privilege Active Directory users, including Domain Admins. This can be done without triggering alerts and without requiring an available patch.

The flaw highlights a broader issue in enterprise identity security: poor governance of service accounts. These accounts are often configured with excessive privileges or left unmonitored, giving attackers a hidden path to escalate access and move laterally across networks.

“The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call,” said Yuval Gordon, Security Researcher at Akamai. “Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact.”

New detection features added to Semperis DSP

In response to the vulnerability, Semperis has introduced one new Indicator of Exposure (IOE) and three Indicators of Compromise (IOCs) to its DSP platform. These updates are designed to help security teams identify abnormal behaviour linked to dMSAs.

The indicators focus on detecting excessive delegation rights, suspicious associations between dMSAs and privileged accounts, and attempts to manipulate sensitive accounts such as KRBTGT, which handles authentication tickets in Active Directory.

Tomer Nahum, Security Researcher at Semperis, said, “Service accounts remain one of the least governed yet most powerful assets in enterprise environments. This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit.”

Call for proactive defence until a patch is available

The vulnerability affects any organisation running at least one domain controller on Windows Server 2025. Even a single misconfigured server could expose the entire environment to risk. While Microsoft has not yet issued a fix, Semperis and Akamai are urging organisations to take immediate action.

Until a patch is released, businesses are advised to audit their dMSA configurations and use updated detection platforms such as Semperis DSP to monitor for signs of misuse. The swift collaboration between security vendors and researchers is seen as a positive step in addressing identity-based threats before they cause widespread damage.

Hot this week

Microsoft introduces Copilot Mode in Edge to reshape browser usage

Microsoft launches Copilot Mode in Edge, offering AI-powered tools for smarter, voice-enabled browsing and productivity.

Alibaba unveils Wan2.2 open-source video generation models for cinematic content creation

Alibaba launches Wan2.2 MoE-based open-source models to help creators generate cinematic video content with better control and efficiency.

APAC retailers ramp up loyalty strategies amid growing economic pressures

APAC retailers are boosting loyalty and personalisation strategies to drive engagement and revenue amid uncertain economic conditions.

Apple to close Dalian retail store as Huawei reclaims top spot in China

Apple to shut its Dalian store as Huawei leads China’s smartphone market with strong second-quarter growth.

Motorola Solutions introduces AI nutrition labels for safety and security tech

Motorola Solutions launches AI nutrition labels to boost transparency in public safety and enterprise security technologies.

Yelp launches AI-generated videos for restaurants and nightlife venues

Yelp introduces AI-generated videos to showcase restaurants and nightlife spots using user content, OpenAI scripts, and voiceovers from ElevenLabs.

Google adds AI-powered narrated slideshows to NotebookLM

Google updates NotebookLM with Video Overviews, enabling AI-generated narrated slideshows using user documents and visual elements.

YouTube to use AI to identify and restrict underage users’ accounts

YouTube will use AI to identify underage users in the US and apply child safety restrictions, including limits on ads and video content.

Opera files competition complaint in Brazil over Microsoft’s Edge tactics

Opera files a competition complaint in Brazil, accusing Microsoft of steering users toward Edge through anti-competitive tactics in Windows.

Related Articles

Popular Categories