Summary: Microsoft has patched a critical elevation of privilege vulnerability (CVE-2025-21293) in Active Directory Domain Services, which could allow an attacker to escalate privileges to SYSTEM. Discovered by researcher Sebastian Sadeq Birke, the vulnerability stems from excessive permissions granted to the “Network Configuration Operators” group. A proof-of-concept exploit has been published, and organizations are urged to apply the security update promptly to mitigate risks.
Affected: Active Directory Domain Services (AD DS)
Key points:
- Vulnerability allows privilege escalation to SYSTEM via Active Directory security group abuse.
- Excessive permissions were identified in the “Network Configuration Operators” group.
- Microsoft released a security update on January 14, 2025, to address the vulnerability.