Cybersecurity experts have uncovered a severe vulnerability in Windows Server 2025's delegated Managed Service Accounts, enabling attackers to gain persistent, forest-wide access. The flaw exploits a predictable password-generation structure and the misuse of the KDS root key, risking widespread control over enterprise environments. #GoldendMSA #KDSRootKey
Key points
- The critical flaw resides in Windows Server 2025's delegated Managed Service Accounts feature.
- Exploitation requires possession of the privileged KDS root key, usually held by domain administrators.
- The attack allows attackers to generate passwords for all managed service accounts, enabling lateral movement across domains.
- The vulnerability simplifies brute-force password cracking due to predictable time-based password components.
- Microsoft states that current protections like Credential Guard do not prevent this cryptographic vulnerability.
Read More: https://thehackernews.com/2025/07/critical-golden-dmsa-attack-in-windows.html
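Since the key points above say the attack hinges on who holds the KDS root key and which managed service accounts derive their passwords from it, the first thing a defender wants is an inventory of both. The following PowerShell is an added audit example, not code from the article or from the researchers it cites. It assumes the ActiveDirectory and Kds modules on a domain-joined administrative host, that KDS root keys live under the usual "CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services" container in the Configuration partition, and that dMSA objects use the objectClass msDS-DelegatedManagedServiceAccount; treat those two names as assumptions to verify in your own forest.

```powershell
# Added defensive inventory (not from the article). Assumes the ActiveDirectory and
# Kds PowerShell modules are available and the caller can read the Configuration NC.
Import-Module ActiveDirectory
Import-Module Kds

# 1. List the KDS root keys in the forest. Any principal able to read these
#    key objects holds the material the article says the attack requires.
Write-Host "== KDS root keys =="
Get-KdsRootKey | Select-Object KeyId, CreationTime, EffectiveTime | Format-Table -AutoSize

# 2. Show who has read access on the root key objects themselves.
#    Container path is an assumption; adjust if your forest differs.
$configNC     = (Get-ADRootDSE).configurationNamingContext
$kdsContainer = "CN=Master Root Keys,CN=Group Key Distribution Service,CN=Services,$configNC"

Write-Host "== Principals with read rights on KDS root key objects =="
Get-ADObject -SearchBase $kdsContainer -SearchScope OneLevel -Filter * -Properties nTSecurityDescriptor |
  ForEach-Object {
    $keyObj = $_
    $keyObj.nTSecurityDescriptor.Access |
      Where-Object { $_.ActiveDirectoryRights -match 'GenericAll|GenericRead|ReadProperty' } |
      Select-Object @{ n = 'KeyObject'; e = { $keyObj.Name } },
                    IdentityReference,
                    ActiveDirectoryRights,
                    AccessControlType
  } | Format-Table -AutoSize

# 3. Inventory every gMSA and dMSA whose password is derived from those keys.
#    The dMSA objectClass name is an assumption for Windows Server 2025 schemas.
Write-Host "== Group-managed and delegated managed service accounts =="
$ldap = '(|(objectClass=msDS-GroupManagedServiceAccount)(objectClass=msDS-DelegatedManagedServiceAccount))'
Get-ADObject -LDAPFilter $ldap -Properties whenCreated, 'msDS-ManagedPasswordInterval' |
  Select-Object Name,
                ObjectClass,
                whenCreated,
                @{ n = 'PasswordIntervalDays'; e = { $_.'msDS-ManagedPasswordInterval' } } |
  Sort-Object ObjectClass, Name |
  Format-Table -AutoSize

# 4. For gMSAs, show which principals may retrieve the managed password; each
#    entry is a host or group whose compromise exposes that account directly.
Write-Host "== gMSA password retrieval principals =="
Get-ADServiceAccount -Filter { objectClass -eq 'msDS-GroupManagedServiceAccount' } `
                     -Properties PrincipalsAllowedToRetrieveManagedPassword |
  Select-Object Name,
                @{ n = 'AllowedToRetrieve'; e = { $_.PrincipalsAllowedToRetrieveManagedPassword -join '; ' } } |
  Format-Table -AutoSize -Wrap
```

Run it from a host with Domain Admin or equivalent rights and keep the output as a baseline: the set of identities with read access on the root key objects (step 2) should be tiny and stable, and any change there, or any newly created root key, is worth an alert given that the article says Credential Guard offers no protection once the key is in hand.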