Critical security vulnerability in Windows Server 2025

The new dMSA feature opens a door into Active Directory for attackers

Researchers at the security company Akamai have discovered a serious vulnerability in Windows Server 2025 that potentially affects every company relying on Active Directory (AD). The risk: attackers can abuse the new delegated Managed Service Account (dMSA) feature to escalate their privileges in the domain without being noticed, and thereby compromise sensitive areas.

Our recommendation at DEFENDERBOX:

We help you identify exploitable security gaps. How? Find out how secure your company really is with a test installation at our introductory price.

What is behind the Windows security vulnerability?

Windows Server 2025 introduced the dMSA feature, which is intended to replace classic service accounts with managed accounts that can be delegated. The idea: more automation, less administrative effort.

But this is precisely where the danger lies. An attacker only needs the permission to create dMSA objects (a create-child right) in any organizational unit (OU) of the Active Directory, a situation that is completely inconspicuous in most corporate networks. Even if the dMSA feature is not actively used, the attack surface exists as soon as a single Windows Server 2025 domain controller is part of the domain.

Who is affected?

According to Akamai, 91 % of the AD environments examined are potentially vulnerable. In many cases, ordinary users without administrator rights already have sufficient permissions to create dMSAs and thus gain access to privileged accounts. This is a dangerous gap that companies carry unnoticed in their systems.

What can companies do now?

Until Microsoft provides an official security update, companies should take urgent action:

  • Check who is authorized to create dMSAs.
    Restrict this right to explicitly trusted administrator accounts.

  • Use Akamai's PowerShell script to generate a list of all users with dMSA creation rights, so that the risk can be narrowed down to specific principals.

  • Document and review permissions regularly, especially in hybrid or complex AD structures.

  • Rely on continuous security analysis. The DEFENDERBOX identifies precisely such potential security gaps: automatically, audit-proof and without interrupting your systems.
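As an added example (not Akamai's script and not part of the original article), the following PowerShell snippet walks every OU in the domain and reports which principals hold a create-child right that would let them create dMSA objects there, which is the check the first two steps above ask for. It assumes the RSAT ActiveDirectory module, a domain whose schema already contains the msDS-DelegatedManagedServiceAccount class (i.e. a Windows Server 2025 schema), and a locally chosen list of expected administrative principals; all three are assumptions, not something the article states.

```powershell
# Added example: list principals that may create dMSA objects in any OU.
# Not Akamai's script. Assumes the RSAT ActiveDirectory module and a schema that
# already contains the msDS-DelegatedManagedServiceAccount class (Windows Server 2025).
Import-Module ActiveDirectory

$rootDse = Get-ADRootDSE
# Resolve the schemaIDGUID of the dMSA class at run time instead of hard-coding it.
$dmsaClass = Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)' `
    -Properties schemaIDGUID
if (-not $dmsaClass) {
    throw 'dMSA class not found in the schema: no Windows Server 2025 schema present'
}
$dmsaGuid = [guid]$dmsaClass.schemaIDGUID

# Principals whose create rights are expected (assumption: adjust to your environment).
$domain   = (Get-ADDomain).NetBIOSName
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
              "$domain\Domain Admins", "$domain\Enterprise Admins")

$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

$findings = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # GenericAll and "Create all child objects" both contain the CreateChild bit.
        if (-not $ace.ActiveDirectoryRights.HasFlag($createChild)) { continue }
        # An empty ObjectType means "any object class"; otherwise it must be the dMSA class.
        if ($ace.ObjectType -ne [guid]::Empty -and $ace.ObjectType -ne $dmsaGuid) { continue }
        if ($expected -contains $ace.IdentityReference.Value) { continue }
        [pscustomobject]@{
            OU        = $ou.DistinguishedName
            Principal = $ace.IdentityReference.Value
            Rights    = $ace.ActiveDirectoryRights
            Scope     = if ($ace.ObjectType -eq [guid]::Empty) { 'all child objects' } else { 'dMSA objects only' }
            Inherited = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Principal, OU | Format-Table -AutoSize
```

Reading OU ACLs requires no administrative rights, so the script can be run as an ordinary domain user. Every principal in the output that is not highly trusted is a candidate for removal of the corresponding ACE. Note that the snippet only walks organizational units; the domain head and the built-in containers (for example CN=Computers) can grant the same create-child right and should be checked in the same way, and an inherited ACE will be reported once per sub-OU, which the Inherited column makes visible.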

Conclusion: Passive security is no longer enough

The dMSA gap shows once again how important it is to integrate active security monitoring and early detection of potential threats into everyday IT operations. What at first glance appears to be a convenient feature can turn out to be a massive risk for your infrastructure. Companies should act now — before attackers do.

Tip: With DEFENDERBOX, you can detect such security gaps in your own environment before they are exploited. Find out more here.
