dMSA feature opens the door to Active Directory for attackers!
Researchers from the security company Akamai have discovered a serious security vulnerability in Windows Server 2025 that potentially affects every company that relies on Active Directory (AD). The risk: attackers can abuse the new feature for delegated Managed Service Accounts (dMSA) to gain elevated privileges in the network undetected — and thus compromise sensitive areas.
Our recommendation at DEFENDERBOX:
We help you identify exploitable security gaps. How? Find out how secure your company is with a test installation! Get started now with the introductory-price test!
What is behind the Windows security vulnerability?
Windows Server 2025 introduced the dMSA feature, which is intended to replace classic service accounts with managed, delegable accounts. The idea: more automation, less administration effort.
But this is precisely where the danger lies. An attacker only needs minimal permissions in any organizational unit (OU) of the Active Directory — a configuration that looks completely unremarkable in most corporate networks. Even if the dMSA feature is not actively used, the attack surface exists as soon as a Windows Server 2025 domain controller is added to the domain.
Who is affected?
According to Akamai, 91 % of the AD environments tested are potentially vulnerable. In many cases, normal users — without administrator rights — hold sufficient permissions to create dMSAs and thus gain access to privileged accounts. This is a dangerous gap that companies carry unnoticed in their systems.
What can companies do now?
Until Microsoft provides an official security update, companies should take urgent action:
- Check who is authorized to create dMSAs. Restrict this right to explicitly trusted admin accounts.
- Use the PowerShell script from Akamai to generate a list of all users with dMSA creation rights. This makes potential risks specifically identifiable.
- Document and review permissions regularly, especially in hybrid or complex AD structures.
- Rely on continuous security analyses. The DEFENDERBOX identifies precisely such potential security gaps — automatically, audit-proof and without interrupting your systems.
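The following PowerShell is an added example for the first two steps above; it is not Akamai's script and not DEFENDERBOX code. It walks every OU in the domain, reads the OU's ACL and reports each identity holding an Allow ACE that permits creating dMSA objects there: CreateChild scoped to the dMSA object class or to all child classes, GenericAll, or WriteDacl/WriteOwner (which let the holder grant themselves the right). It assumes the RSAT ActiveDirectory module is installed, that the dMSA class carries the lDAPDisplayName msDS-DelegatedManagedServiceAccount in the Windows Server 2025 schema, and that $env:USERDOMAIN is the NetBIOS name of the domain being audited; the "expected" principal list and the output file name are placeholders to adapt to your environment.

```powershell
# Added example, not Akamai's script: list who can create dMSA objects in any OU.
Import-Module ActiveDirectory

# Look up the schemaIDGUID of the dMSA object class so ACEs scoped to exactly this
# class can be matched. Assumption: lDAPDisplayName 'msDS-DelegatedManagedServiceAccount'.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$dmsaClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)' `
    -Properties schemaIDGUID
if (-not $dmsaClass) {
    throw 'dMSA class not found in the schema: no Windows Server 2025 schema extension present.'
}
$dmsaGuid = [guid]$dmsaClass.schemaIDGUID
$allGuid  = [guid]'00000000-0000-0000-0000-000000000000'   # ObjectType empty = all child classes

$R = [System.DirectoryServices.ActiveDirectoryRights]

# Principals expected to hold such rights; anything else is reported as a finding.
# Assumption: $env:USERDOMAIN is the NetBIOS name of the audited domain.
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    "$env:USERDOMAIN\Domain Admins",
    "$env:USERDOMAIN\Enterprise Admins"
)

$findings = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    # The AD: PSDrive exposes each object's security descriptor to Get-Acl.
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = $ace.ActiveDirectoryRights

        # CreateChild counts only if it covers the dMSA class or all classes.
        $createDmsa = $rights.HasFlag($R::CreateChild) -and
                      ($ace.ObjectType -eq $dmsaGuid -or $ace.ObjectType -eq $allGuid)
        # GenericAll, WriteDacl or WriteOwner on the OU give the same outcome indirectly.
        $fullControl = $rights.HasFlag($R::GenericAll) -or
                       $rights.HasFlag($R::WriteDacl) -or
                       $rights.HasFlag($R::WriteOwner)
        if (-not ($createDmsa -or $fullControl)) { continue }

        $who = $ace.IdentityReference.Value
        [pscustomobject]@{
            OU        = $ou.DistinguishedName
            Identity  = $who
            Rights    = $rights
            Inherited = $ace.IsInherited
            Expected  = $expected -contains $who
        }
    }
}

# Unexpected holders first; these are the ACEs to review and remove.
$findings | Sort-Object Expected, OU | Format-Table -AutoSize
$findings | Where-Object { -not $_.Expected } |
    Export-Csv -Path '.\dmsa-create-rights.csv' -NoTypeInformation   # placeholder path
```

Run it as an account that can read OU security descriptors (any domain user normally can) and review the rows marked Expected = False; inherited ACEs point to a parent OU or the domain head where the delegation was actually set, so remove the grant there rather than on each child OU.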
Conclusion: Passive security is no longer enough
The dMSA gap shows once again how important it is to integrate active security monitoring and early detection of potential threats into everyday IT operations. What at first glance appears to be a convenient feature can turn out to be a massive risk for your infrastructure. Companies should act now — before attackers do.
Tip: With the DEFENDERBOX you detect security gaps before they become publicly known, and before they can be exploited. Find out more here now!
Your cyber security is our mission! Automated pentesting: a premium managed security service built specifically for mid-sized companies.