Semperis Introduces Effective Defenses Against Windows 2025 Vulnerability

Semperis BadSuccessor Threat Detection Improvement

Semperis, a leading organization in identity security and cyber resilience, has launched a major release of its Directory Services Protector (DSP) platform. The release will enable organizations to stop BadSuccessor, an emerging and dangerous threat that has implications for a feature in the next version of Windows Server, Windows Server 2025.

Like other security threats, BadSuccessor targets a specific feature: delegated Managed Service Accounts (dMSAs), which are meant to improve security for service accounts. Security researchers at Akamai uncovered a flaw that enables attackers to use dMSAs to impersonate privileged users in Active Directory (AD) environments, including Domain Admins. Additionally, Microsoft has not released a patch, still leaving enterprises that use new Microsoft Windows Server 2022 or 2025 at risk.

Organizations have long faced vulnerabilities from service accounts in enterprise environments. These accounts tend to have excessive access, are under-controlled, and go largely unmonitored. BadSuccessor brings to light just how complicated and under-governed this space can be. BadSuccessor is also known as an emerging, significant risk. Should an attacker obtain compromised or rejected user access and use assumed trust to give themselves heightened privileges, they could, through unlimited access, move at breakneck speed throughout the targeted organization’s network.

To address this issue, Semperis collaborated directly with Akamai to advance research into relevant actions. The outcome: one new exposure indicator and three compromise indicators are now available in the DSP platform. These are solid capabilities that help security teams identify anomalous behaviors in dMSAs, such as over-delegated rights, awkwardly linked privileged accounts, or suspicious targeting of sensitive accounts like KRBTGT.

Security experts from both Semperis and Akamai believe this fast collaboration stands as a case study for how security vendors and researchers need to identify and respond to evolving threats. As Yuval Gordon from Akamai noted, “Abuse of service accounts is an increasing concern. We demonstrated that we can effectuate change quickly.” Semperis researcher Tomer Nahum reminded all: “Service accounts are powerful, but remain one of the least managed areas of enterprise IT.”

The vulnerability affects any organization that utilizes Windows Server 2025 with one or more domain controllers. Misconfiguring just one setting can expose an entire environment. Prior to an official fix, organizations are encouraged to examine relevant dMSA permissions and leverage tools like Semperis DSP to monitor the dMSAs and detect potential abuse.

  • Amreen Shaikh is a skilled writer at IT Tech Pulse, renowned for her expertise in exploring the dynamic convergence of business and technology. With a sharp focus on IT, AI, machine learning, cybersecurity, healthcare, finance, and other emerging fields, she brings clarity to complex innovations. Amreen’s talent lies in crafting compelling narratives that simplify intricate tech concepts, ensuring her diverse audience stays informed and inspired by the latest advancements.
