Semperis, a company specializing in AI-powered identity security and cyber resilience, has recently revealed serious vulnerabilities in Windows Server 2025. Their research highlights a critical flaw in the design of delegated Managed Service Accounts (dMSAs), which could facilitate high-impact cyberattacks, including unauthorized cross-domain access.
The vulnerability allows attackers to maintain persistent access to managed service accounts and their resources within Active Directory. Semperis Researcher Adi Malyanker has developed a tool called GoldenDMSA that replicates the logic behind this attack, letting users simulate and analyze potential exploit scenarios. The attack takes advantage of a cryptographic weakness in the ManagedPasswordId structure, which restricts possible password combinations to just 1,024 options, making brute-force techniques relatively easy for attackers to use.
Malyanker emphasizes that this exploit exposes a design flaw that can enable the generation of service account passwords, allowing attackers to infiltrate Active Directory environments without detection. He urges organizations to proactively evaluate their systems to mitigate this emerging threat.
The research comes alongside other findings from Semperis, including insights on the nOauth vulnerability, which could lead to full account takeovers in susceptible SaaS applications.
The complete research is available on Semperis’ blog, in its post on the Golden dMSA vulnerability.