Semperis discovers critical flaw in Windows Server 2025


By Dylan Bushell-Embling
Thursday, 17 July, 2025

Semperis discovers critical flaw in Windows Server 2025

Researchers from identity security company Semperis have discovered what they are calling a critical design flaw in Windows Server 2025 that has exposed managed service accounts to attacks from malicious actors.

The flaw can result in high-impact attacks enabling cross-domain lateral movement and indefinite access to all delegated managed service accounts (DMSA) across Active Directory.

Semperis researcher Adi Malyanker built a tool called GoldenDMSA that can exploit the vulnerability, enabling users to explore, evaluate and simulate how the technique may be leveraged in real-world environments.

The attack leverages a cryptographic vulnerability that can exploit the architectural foundation of DSMAs, the ManagedPasswordId structure, which contains predictable time-based components with only 1024 combinations, making brute-force password generation trivial.

“Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments,” Malyanker said. “I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organisations should proactively assess their systems to stay ahead of this emerging threat.”

Detection of Golden dMSA activity requires manual log configuration and auditing, making mitigation a complicated and difficult task. But to exploit the vulnerability, attackers must possess a KDS root key available only to only the most privileged accounts. As a result, Semperis has rated the vulnerability as having only a moderate risk.

Image credit: iStock.com/MF3d

Related News

APAC workers in need of phishing training: report

A report from workforce security company KnowBe4 indicates that 1 in 3 Australian employees is...

Critical vulnerabilities doubled in past year: report

Research published by Check Point indicates that critical vulnerabilities have doubled since last...

DigiCert launches Quantum Central tool

DigiCert's recently launched Quantum Central solution can help security and IT teams prepare...


  • All content Copyright © 2026 Westwick-Farrow Pty Ltd