WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
HOME ACCOUNT PRODUCTS NEWS ARTICLES DIRECTORY CLASSIFIEDS FORUMS TOOLS
* Search Job Postings on WebsiteGear Classifieds !
  Home News Web Hosting Domain Name Industry Sunday, April 5, 2026 
Add Press Release News | News Feeds Feeds | Email This News Email


Semperis Research Uncovers Critical Flaw in Windows Server 2025 Exposing Managed Service Accounts to Golden dMSA Attack
Thursday, July 24, 2025

Semperis Researcher Adi Malyanker develops a new tool dubbed GoldenDMSA that incorporates the attack's logic, enabling efficient study and simulation of this novel technique.

HOBOKEN, N.J., July 16, 2025 /PRNewswire/ -- Semperis, a provider of AI-powered identity security and cyber resilience, today released new research detailing Golden dMSA, a critical design flaw active in delegated Managed Service Accounts (dMSAs) in Windows Server 2025. The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely.

To help further understanding of how this attack technique works in practice, Semperis Researcher Adi Malyanker built a tool called GoldenDMSA. The tool incorporates the logic of the attack, allowing users to efficiently explore, evaluate, and simulate how the technique may be exploited in real-world environments.

The Golden dMSA attack leverages a cryptographic vulnerability that can undermine Microsoft's latest security innovation in Windows Server 2025. This technique exploits the architectural foundation of dMSAs. The attack leverages a critical design flaw: the ManagedPasswordId structure contains predictable time-based components with only 1,024 combinations, making brute-force password generation computationally trivial.

"Golden dMSA exposes a critical design flaw that could let attackers generate service account passwords and persist undetected in Active Directory environments," said Malyanker. "I built a tool that helps defenders and researchers better understand the mechanism of the attack. Organizations should proactively assess their systems to stay ahead of this emerging threat."

Semperis researchers, pioneers in identity threat detection, recently announced new research into nOauth, a known vulnerability in Microsoft's Entra ID that enables full account takeover in vulnerable SaaS apps with minimal attacker effort. In addition, new detection capabilities were developed in the company's Directory Services Protector platform to enable defense against BadSuccessor, a high-severity privilege escalation technique targeting a newly introduced feature in Windows Server 2025. Last year, Semperis researchers discovered Silver SAML, a new variant of the SolarWinds-era Golden SAML technique that bypasses standard defenses in Entra ID-integrated applications.

To read the full research blog, visit: https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass

About Semperis
Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments--including Active Directory, Entra ID, and Okta--Semperis' AI-powered technology protects over 100 million identities from cyberattacks, data breaches, and operational errors.

As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning?Hybrid Identity Protection (HIP) Conference,?HIP Podcast, and free identity security tools?Purple Knight?and?Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries.?

Learn more:?https://www.semperis.com
Follow us:?Blog?/?LinkedIn?/?X?/?Facebook?/?YouTube

Media Contact:
Bill Keeler?
Senior Director, PR & Comms
Semperis
billk@semperis.com?

View original content to download multimedia:https://www.prnewswire.com/news-releases/semperis-research-uncovers-critical-flaw-in-windows-server-2025-exposing-managed-service-accounts-to-golden-dmsa-attack-302506258.html

SOURCE Semperis



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Weekly Recap: 11 Tech Press Releases You Need to See | Jan 22, 2026
Nav Sup AI Sets New Benchmark Record with 52.15% on Humanity's Last Exam | Jan 22, 2026
Nav DEADLINE ANNOUNCED FOR 2026 NEW TOP-LEVEL DOMAIN APPLICATIONS | Jan 22, 2026
Nav Trigent Partners with WeWork India to Expand its GCC Footprint | Jan 22, 2026
Nav Skunk Works® and XTEND Expand Joint All Domain Command and Control for Advanced Mission Execution | Jan 22, 2026
Nav Altair HyperWorks 2026 Delivers Design and Simulation at Scale with AI | Jan 22, 2026
Nav Exia Labs Brings Keystone to the U.S. Navy via DIU's Blue Object Management Challenge | Jan 22, 2026
Nav Glasswall Brings Defense-Level File Sanitization to Every Government Agency and Business Using Microsoft 365 | Jan 22, 2026
Nav Genpact Named a Leader in ISG Provider Lens(TM) 2025 for Insurance GCCs and Agentic AI Services | Jan 22, 2026
Nav Buyers Edge Platform Appoints Jaime Selga to Lead Expansion Across the Middle East, Africa & Asia | Jan 22, 2026
NEWS SEARCH
Survey Software
Survey Software
Click Tracking Software
Click Tracking
Poll Software
Poll Software
Rating Software
Rating Software
FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News
Copyright © 2003-2026 WebsiteGear Inc. All rights reserved. WEBSITEGEAR® is a registered trademark of WebsiteGear Inc.