A recent vulnerability in Windows Server 2025’s dMSA feature allows attackers to escalate privileges in Active Directory by simulating account migrations with minimal permissions. This flaw could enable threat actors to compromise any user, including high-privilege accounts, across most organizations using AD.
Key points
- The dMSA feature was introduced to improve security but contains a privilege escalation flaw.
- An attacker can simulate a migration by modifying specific attributes, granting full permissions without high-level access.
- The attack works on default configurations and can affect most Active Directory environments with Windows Server 2025.
- The vulnerability allows access to user credentials and keys, posing a significant threat to domain security.
- Microsoft has acknowledged the issue and plans to issue a patch, but no fix is available yet; interim measures include permission restrictions.
Read More: https://thecyberexpress.com/active-directory-dmsa-attack/