Here’s a summary of the critical flaw "Golden dMSA" in Windows Server 2025 reported by Semperis:

What is Golden dMSA?

  • Golden dMSA is a newly discovered, critical design flaw in delegated Managed Service Accounts (dMSA) on Windows Server 2025.
  • Discovered by: Semperis, a security research and identity security solutions firm.

Why is it Dangerous?

  • Impact: It enables attackers to achieve cross-domain lateral movement and maintain persistent, stealthy access to every managed service account and their connected resources in Active Directory.
  • Mechanism: The flaw centers around the ManagedPasswordId structure, which relies on predictable, time-based elements — just 1,024 combinations — making brute-force generation of passwords very easy.
  • Result: Attackers can essentially “crack” the passwords for these accounts, gaining ongoing, undetected access.

Attack Method & Tools

  • Research tool: Semperis researcher Adi Malyanker developed “GoldenDMSA,” a tool that demonstrates and simulates this attack pattern for security testing and validation.

Technical Details

  • The vulnerability exploits a cryptographic weakness in Microsoft’s implementation for dMSAs, undermining what was supposed to be a security innovation in Server 2025.
  • Attackers can generate these service account passwords quickly, "persisting undetected" in directory environments.

Defensive Actions

  • Recommendation: Organizations should proactively review their environments to assess the presence and exposure of dMSA accounts, and monitor for any suspicious use or changes involving these credentials.
  • Semperis Solutions: The company has introduced new detection capabilities in its Directory Services Protector platform.

Related Research

  • Semperis has also publicized vulnerabilities like nOauth (impacting Microsoft Entra ID account takeovers) and Silver SAML (bypassing safeguards in Entra ID-integrated apps).

References

Read more at Security Informed: Semperis Unveils Critical Design Flaw In Windows Server 2025

If you need official mitigations, proof-of-concept details, or links to research tools, let me know! Would you like guidance on detecting or defending against Golden dMSA?


Source: Security Informed https://www.securityinformed.com/amp/news/semperis-unveils-critical-design-flaw-windows-co-1686291773-ga.1752740199.html
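The "Defensive Actions" section above recommends reviewing which dMSA accounts exist and how exposed they are. The following PowerShell is an added example of that review step; it is not code from the article, from Semperis, or from Microsoft. It assumes the ActiveDirectory RSAT module is installed, that the caller can read the domain, and that dMSA objects carry the schema class msDS-DelegatedManagedServiceAccount (a schema assumption made here, not a fact the article states). The "broad principal" list used to flag over-exposed accounts is likewise a constructed starting point for a reviewer to tune.

```powershell
# Added inventory script (not from the article, Semperis, or Microsoft).
# Enumerates delegated Managed Service Accounts in a domain and reports, for each one,
# which principals are allowed to retrieve its managed password, flagging accounts whose
# password is readable by broad groups. Read-only; nothing is modified.
# Assumption: dMSA objects use objectClass msDS-DelegatedManagedServiceAccount.
Import-Module ActiveDirectory

# Constructed list of principals that should normally never be allowed to read a
# managed password; adjust to the environment's naming (NetBIOS domain prefix etc.).
$script:BroadPrincipals = @('Everyone', 'Authenticated Users', 'Domain Users', 'Domain Computers')

function Get-DmsaPasswordReaders {
    # Extracts the identities granted access in the msDS-GroupMSAMembership security
    # descriptor. The AD module may hand this back as an ActiveDirectorySecurity object
    # or as raw bytes, so both forms are handled.
    param($Membership)
    if ($null -eq $Membership) { return @() }
    if ($Membership -is [byte[]]) {
        $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
        $sd.SetSecurityDescriptorBinaryForm($Membership)
    } else {
        $sd = $Membership
    }
    $sd.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

function Get-DmsaInventory {
    param(
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    $props = @('msDS-GroupMSAMembership', 'msDS-DelegatedMSAState',
               'msDS-ManagedAccountPrecededByLink', 'whenCreated', 'whenChanged')

    Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
                 -SearchBase $SearchBase -Properties $props |
    ForEach-Object {
        $readers = @(Get-DmsaPasswordReaders $_.'msDS-GroupMSAMembership')
        # Flag if any reader matches a broad principal (compare on the part after the backslash).
        $overExposed = $false
        foreach ($r in $readers) {
            $shortName = ($r -split '\\')[-1]
            if ($script:BroadPrincipals -contains $shortName) { $overExposed = $true }
        }
        [pscustomobject]@{
            Name            = $_.Name
            DistinguishedName = $_.DistinguishedName
            DelegatedState  = $_.'msDS-DelegatedMSAState'
            PrecededBy      = $_.'msDS-ManagedAccountPrecededByLink'
            PasswordReaders = ($readers -join '; ')
            OverExposed     = $overExposed
            Created         = $_.whenCreated
            Changed         = $_.whenChanged
        }
    }
}

# Usage: run from a domain-joined host with RSAT and read access to the directory.
# Review every account with OverExposed = $true first, then confirm the remaining
# reader lists are limited to the hosts that genuinely run the service.
Get-DmsaInventory | Sort-Object OverExposed -Descending | Format-Table -AutoSize
```

Because the attack described in the post targets the password derivation rather than a single account, the value of this inventory is scope: it tells a defender how many accounts and which resources would be reachable if the flaw were exercised, and which accounts are readable by more principals than the service needs. Pair it with the monitoring the post recommends (auditing of managed-password reads and changes to these objects) rather than treating it as a complete control.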