{"id":346470,"date":"2025-06-06T10:19:54","date_gmt":"2025-06-06T17:19:54","guid":{"rendered":"https:\/\/msftnewsnow.com\/?p=346470"},"modified":"2025-06-06T10:20:16","modified_gmt":"2025-06-06T17:20:16","slug":"dmsa-vulnerability-found-in-windows-server-2025","status":"publish","type":"post","link":"https:\/\/msftnewsnow.com\/dmsa-vulnerability-found-in-windows-server-2025\/","title":{"rendered":"Critical dMSA Vulnerability Found in Windows Server 2025, Dubbed &#8220;BadSuccessor,&#8221; Patch Expected Soon"},"content":{"rendered":"<div class=\"relative\">\n<div class=\"prose text-pretty dark:prose-invert inline leading-normal break-words min-w-0 [word-break:break-word]\">\n<p>A newly discovered vulnerability in <a href=\"https:\/\/msftnewsnow.com\/tag\/windows-server\" target=\"_blank\" rel=\"noopener\">Windows Server<\/a> 2025\u2019s delegated Managed Service Account (dMSA) feature has sent shockwaves through the cybersecurity community. Dubbed \u201cBadSuccessor,\u201d this flaw allows attackers with minimal permissions to escalate privileges and potentially compromise entire Active Directory (AD) domains<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>What Is the dMSA Feature in Windows Server 2025?<\/strong><\/h2>\n<p class=\"my-0\">Delegated Managed Service Accounts (dMSAs) were introduced in Windows Server 2025 to simplify service account management and to help organizations migrate from legacy service accounts, reducing risks from attacks like Kerberoasting<span class=\"whitespace-nowrap\">.<\/span> dMSAs can be created as standalone accounts or as replacements for existing service accounts, inheriting permissions and access rights as part of the migration process<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>The BadSuccessor dMSA Vulnerability<\/strong><\/h2>\n<p class=\"my-0\"><a href=\"https:\/\/www.akamai.com\/blog\/security-research\/abusing-dmsa-for-privilege-escalation-in-active-directory\" target=\"_blank\" rel=\"noopener\">Security researchers from Akamai<\/a> and other firms have revealed that the dMSA migration mechanism contains a critical design flaw. By exploiting this, an attacker with basic permissions\u2014specifically, write access to any dMSA object or the ability to create dMSAs in an Organizational Unit (OU)\u2014can simulate a migration and inherit the permissions of any user, including domain administrators<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>Key Facts:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">The attack works even if your domain is not actively using dMSAs. 
The mere presence of a Windows Server 2025 domain controller makes the vulnerability exploitable<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\">In 91% of real-world environments analyzed, non-admin users had sufficient permissions to launch the attack<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Proof-of-concept exploits have been released, increasing the urgency for mitigation<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<\/ul>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Microsoft\u2019s Response and Risk Assessment<\/strong><\/h2>\n<p class=\"my-0\">Microsoft has acknowledged the vulnerability, classifying it as moderate severity because exploitation requires specific permissions on dMSA objects<span class=\"whitespace-nowrap\">.<\/span> However, security researchers and industry experts argue that the flaw\u2019s ease of exploitation and potential for domain-wide compromise make it a critical risk<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\">A patch is in development, but as of June 2025, no fix is available<span class=\"whitespace-nowrap\">.<\/span> Organizations are urged to take immediate steps to reduce their exposure.<\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Mitigation and Best Practices<\/strong><\/h2>\n<p class=\"my-0\"><strong>1. Restrict dMSA Permissions:<\/strong><br \/>\nLimit the ability to create or modify dMSAs to trusted administrators only<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\"><strong>2. 
Audit and Monitor:<\/strong><\/p>\n<ul class=\"marker:text-textOff list-disc\">\n<li>\n<p class=\"my-0\">Log and review all dMSA creation, modification, and authentication events.<\/p>\n<\/li>\n<li>\n<p class=\"my-0\">Use available PowerShell scripts to identify users with dMSA-related permissions and remove unnecessary rights<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/li>\n<\/ul>\n<p class=\"my-0\"><strong>3. Prepare for Patch Deployment:<\/strong><br \/>\nMonitor Microsoft\u2019s official channels for the upcoming security update, expected in an imminent Patch Tuesday release<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<h2 class=\"mb-xs mt-5 text-base font-[500] first:mt-0 dark:font-[475]\"><strong>Broader Impact<\/strong><\/h2>\n<p class=\"my-0\">The BadSuccessor vulnerability is a stark reminder of the risks posed by convenience features in complex enterprise environments. Organizations relying on Active Directory must act swiftly to harden their environments and stay informed about Microsoft\u2019s patching efforts<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<p class=\"my-0\">With proof-of-concept exploits in the wild and most AD environments at risk, the dMSA vulnerability in Windows Server 2025 demands immediate attention. 
By restricting permissions, auditing activity, and preparing for Microsoft\u2019s forthcoming patch, organizations can minimize their exposure and protect their critical infrastructure from domain-wide compromise<span class=\"whitespace-nowrap\">.<\/span><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A newly discovered vulnerability in Windows Server 2025\u2019s delegated Managed Service Account (dMSA) feature has sent shockwaves through the cybersecurity community. 
Dubbed \u201cBadSuccessor,\u201d this flaw allows attackers with minimal permissions to escalate privileges and potentially compromise entire Active Directory (AD) domains. What Is the dMSA Feature in Windows Server 2025? Delegated Managed Service Accounts (dMSAs) &#8230; <a title=\"Critical dMSA Vulnerability Found in Windows Server 2025, Dubbed &#8220;BadSuccessor,&#8221; Patch Expected Soon\" class=\"read-more\" href=\"https:\/\/msftnewsnow.com\/dmsa-vulnerability-found-in-windows-server-2025\/\" aria-label=\"Read more about Critical dMSA Vulnerability Found in Windows Server 2025, Dubbed &#8220;BadSuccessor,&#8221; Patch Expected Soon\">Read more<\/a><\/p>\n","protected":false},"author":208461344,"featured_media":346492,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[24],"tags":[1348,1271,761,778,32,1340,1083,275,1228],"class_list":["post-346470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-authentication","tag-cybersecurity","tag-developer","tag-microsoft","tag-patch-tuesday","tag-powershell","tag-security","tag-windows","tag-windows-server"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/image-14.jpeg","jetpack_shortlink":"https:\/\/wp.me\/pfgCZY-1s8e","jetpack-related-posts":[{"id":347001,"url":"https:\/\/msftnewsnow.com\/microsoft-patch-tuesday-june-2025-65-se
curity-fix\/","url_meta":{"origin":346470,"position":0},"title":"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed","author":"Dave W. Shanahan","date":"June 11, 2025","format":false,"excerpt":"Microsoft\u2019s June 2025 Patch Tuesday has arrived, delivering urgent security fixes for a broad range of its products. The company addressed more than 65 vulnerabilities, including a zero-day exploit that was being actively used in cyber espionage campaigns. This month\u2019s updates are critical for both enterprise and individual users, reinforcing\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft Patch Tuesday June 2025: 65+ Security Vulnerabilities Patched, Zero-Day Exploit Fixed","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/06\/xelmjbjubehnaogdqaxe-scaled.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":332492,"url":"https:\/\/msftnewsnow.com\/microsofts-march-2025-patch-tuesday-7-zero-days\/","url_meta":{"origin":346470,"position":1},"title":"Microsoft&#8217;s March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws","author":"Dave W. 
Shanahan","date":"March 12, 2025","format":false,"excerpt":"Microsoft has released its March 2025 Patch Tuesday updates, resolving a total of 57 security vulnerabilities affecting various products, including Windows, Office, Remote Desktop Services, and more. As reported by Bleeping Computer, among these vulnerabilities are seven critical zero-day flaws\u2014six of which were actively exploited in the wild prior to\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft's March 2025 Patch Tuesday Addresses 57 Vulnerabilities, Including 7 Critical Zero-Day Flaws, CVE-2025-24983, CVE-2025-24991, CVE-2025-24984, CVE-2025-26630, CVE-2025-24985, CVE-2025-24993, CVE-2025-26633, CVE-2025-25001, CVE-2025-25002, CVE-2025-25003, CVE-2025-25004, CVE-2025-25005","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/03\/f573b6ca-d63d-40aa-b938-eca52a0cc389-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":350079,"url":"https:\/\/msftnewsnow.com\/july-2025-microsoft-patch-tuesday-vulnerabilities\/","url_meta":{"origin":346470,"position":2},"title":"July 2025 Microsoft Patch Tuesday: 137 Vulnerabilities Fixed, One Zero-Day in SQL Server, Critical Office and AMD Flaws","author":"Dave W. Shanahan","date":"July 8, 2025","format":false,"excerpt":"Microsoft has released its July 2025 Patch Tuesday security updates, addressing a sweeping total of 137 vulnerabilities across its product portfolio. 
This month\u2019s Microsoft Patch Tuesday cycle is headlined by a publicly disclosed zero-day vulnerability in Microsoft SQL Server, alongside a host of critical flaws in Microsoft Office, SharePoint, and\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"July 2025 Microsoft Patch Tuesday: 137 Vulnerabilities Fixed, One Zero-Day in SQL Server, Critical Office and AMD Flaws","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/07\/avdd8ckrtwd25gzo2tnu-scaled.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":340669,"url":"https:\/\/msftnewsnow.com\/windows-server-updates-windows-hello-for-business\/","url_meta":{"origin":346470,"position":3},"title":"April 2025 Windows Server Updates Cause Massive Kerberos Authentication Failures Impacting Windows Hello for Business","author":"Dave W. Shanahan","date":"May 7, 2025","format":false,"excerpt":"Microsoft confirmed that the April 2025 security updates are causing significant authentication problems on several Windows Server versions, including Windows Server 2016, 2019, 2022, and the latest Windows Server 2025. These issues primarily affect enterprise environments using Windows Hello for Business (WHfB) and certificate-based authentication relying on Kerberos protocols. 
What\u2019s\u2026","rel":"","context":"In &quot;AI and Copilot&quot;","block_context":{"text":"AI and Copilot","link":"https:\/\/msftnewsnow.com\/ai-and-copilot\/"},"img":{"alt_text":"April 2025 Windows Server Updates Cause Massive Kerberos Authentication Failures Impacting Windows Hello for Business, Windows Server April 2025 update authentication issues, Kerberos authentication failure Windows Server, Windows Server domain controller Kerberos error, Windows Server Active Directory authentication issues, Windows Server April 2025 patch problems, Windows Server 2016 2019 2022 2025 security update issue, KB5055523 Windows Server update problem, Windows Hello for Business authentication problem, Enterprise Windows Hello for Business logon failure, Certificate-based authentication Windows Server, Windows Server smart card logon failure, Windows Server Kerberos event ID 21 and 45, AllowNtAuthPolicyBypass registry fix, Windows Server authentication workaround, CVE-2025-26647 Kerberos vulnerability","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/A-high-resolution-clean-and-modern-image-featuring-the-official-Microsoft-logo-centered-prominently-scaled.jpeg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/A-high-resolution-clean-and-modern-image-featuring-the-official-Microsoft-logo-centered-prominently-scaled.jpeg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/A-high-resolution-clean-and-modern-image-featuring-the-official-Microsoft-logo-centered-prominently-scaled.jpeg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/A-high-resolution-clean-and-modern-image-featuring-the-official-Microsoft-logo-centered-prominently-scaled.jpeg?resize=700%2C400&ssl=1 
2x"},"classes":[]},{"id":341923,"url":"https:\/\/msftnewsnow.com\/microsofts-may-2025-patch-tuesday-five-zero-days\/","url_meta":{"origin":346470,"position":4},"title":"Microsoft\u2019s May 2025 Patch Tuesday: Five New Zero-Days Exploited, 72 Flaws Patched: What You Need to Know","author":"Dave W. Shanahan","date":"May 14, 2025","format":false,"excerpt":"Yesterday, Microsoft released its latest Patch Tuesday security updates, addressing a total of 72 vulnerabilities across its product portfolio-including Windows, Office, Azure, and more. This month\u2019s update is especially urgent, as it patches five zero-day vulnerabilities already being exploited in the wild and two additional flaws that were publicly disclosed\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft\u2019s May 2025 Patch Tuesday: Five New Zero-Days Exploited, 72 Flaws Patched: What You Need to Know","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/download-10.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/download-10.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/download-10.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/05\/download-10.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":329309,"url":"https:\/\/msftnewsnow.com\/microsoft-issues-largest-security-update-in-years\/","url_meta":{"origin":346470,"position":5},"title":"Microsoft issues largest security update in years for Patch Tuesday January 2025, patches 3 critical zero-day vulnerabilities","author":"Dave W. 
Shanahan","date":"January 15, 2025","format":false,"excerpt":"Microsoft has released its first Patch Tuesday update of 2025, addressing a staggering 161 security vulnerabilities - the largest number of fixes in a single month since 2017. As reported by Bleeping Computer, the massive update includes security patches for three actively exploited zero-day flaws and multiple critical vulnerabilities that\u2026","rel":"","context":"In &quot;News&quot;","block_context":{"text":"News","link":"https:\/\/msftnewsnow.com\/news\/"},"img":{"alt_text":"Microsoft issues January 2025 largest security updates in years, patches 3 critical zero-day vulnerabilities for January 2025","src":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/msftnewsnow.com\/wp-content\/uploads\/2025\/01\/mvz7aywqxsgp9jdu7liv-e1736965366518.jpg?resize=700%2C400&ssl=1 
2x"},"classes":[]}],"jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/346470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/users\/208461344"}],"replies":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/comments?post=346470"}],"version-history":[{"count":0,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/posts\/346470\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media\/346492"}],"wp:attachment":[{"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/media?parent=346470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/categories?post=346470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/msftnewsnow.com\/wp-json\/wp\/v2\/tags?post=346470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}