Microsoft Patch Tuesday, August 2025 Edition
https://krebsonsecurity.com/2025/08/microsoft-patch-tuesday-august-2025-edition/
#ExchangeServerSubscriptionEdition #MicrosoftExchangeServer #sansinternetstormcenter #ExchangeServer2016 #ExchangeServer2019 #MicrosoftOffice365 #LatestWarnings #TheComingStorm #CVE-2025-50165 #CVE-2025-53733 #CVE-2025-53766 #CVE-2025-53778 #CVE-2025-53779 #ExchangeOnline #MicrosoftWord #BadSuccessor #TimetoPatch #BenMcCarthy #WindowsGDI+ #YuvalGordon #Immersive
📢 Vulnérabilité critique BadSuccessor sur Windows Server 2025
📝 L'article de Unit42 de Palo Alto Networks met en lumière une **technique d'élévation de privilèges critique** nommée **BadSuccessor**, ciblant les environnements **Windows Serv...
📖 cyberveille : https://cyberveille.ch/posts/2025-08-06-vulnerabilite-critique-badsuccessor-sur-windows-server-2025/
🌐 source : https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/
#Active_Directory #BadSuccessor #Cyberveille
Deep Dive: BadSuccessor – Full Active Directory Compromise: https://www.youtube.com/watch?v=IWP-8IMzQU8
Patch Tuesday, June 2025 Edition - Microsoft today released security updates to fix at least 67 vulnerabilities in it... https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/ #windowsservermessageblock #sansinternetstormcenter #patchtuesdayjune2025 #experiencemanager #cve-2025-33053 #cve-2025-33073 #mozillafirefox #securitytools #acrobatreader #badsuccessor #googlechrome #timetopatch #adambarnett #alexvovk #sethhoyt #action1 #automox #akamai #rapid7 #webdav
Patch Tuesday, June 2025 Edition
https://krebsonsecurity.com/2025/06/patch-tuesday-june-2025-edition/
#WindowsServerMessageBlock #sansinternetstormcenter #PatchTuesdayJune2025 #ExperienceManager #CVE-2025-33053 #CVE-2025-33073 #mozillafirefox #SecurityTools #AcrobatReader #BadSuccessor #GoogleChrome #TimetoPatch #AdamBarnett #AlexVovk #SethHoyt #Action1 #Automox #Akamai #Rapid7 #WebDAV
@SpecterOps posted a very good explanation on #BadSuccessor.
How it works and how to mitigate. The post also clears up some common misunderstandings about how AD object ownership in general works.
https://specterops.io/blog/2025/05/27/understanding-mitigating-badsuccessor/
🤔 We have answers to your questions on #BadSuccessor, the latest AD vulnerability https://www.tenable.com/blog/frequently-asked-questions-about-badsuccessor
🕵️ Tenable Identity Exposure customers can check their exposure with our recently released Indicator of Exposure (IoE): https://www.tenable.com/indicators/ioe/ad/C-BAD-SUCCESSOR
#WindowsServer2025: Rechteausweitungslücke im AD | Security https://www.heise.de/news/Windows-Server-2025-Rechteausweitungsluecke-im-AD-10397566.html #BadSuccessor #WindowsServer #Microsoft #Windows :windows: #MicrosoftWindows
🚨 Windows Server 2025 is affected by a vulnerability that would allow attackers to escalate to domain administrator privileges. The S.T.A².R.S Team at @Tarlogic explains how #BadSuccessor is exploited and how to mitigate it.
https://www.tarlogic.com/blog/badsuccessor/
Tiens, il y a un PoC d'exploitation pour la vulnérabilité BadSuccessor 👀
BadSuccessor, est une technique d'escalade de privilèges dans Active Directory. Elle exploite l’attribut peu connu dMSA ( delegated Managed Service Account) pour injecter un objet malveillant. Si un utilisateur a juste les droits "CreateChild" sur une OU (Organizational Unit), il peut créer un compte spécial et s’en servir pour devenir Domain Admin.
( 91% des environnements d'entreprise analysés par Akamai sont vulnérables à cette attaque. )
👇
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Et maintenant, il y a un PoC fonctionnel côté offensive.
⬇️
SharpSuccessor
Un outil .NET qui automatise le processus. Il permet à un utilisateur peu privilégié de :
Créer un objet dMSA piégé dans une OU sur laquelle il a les droits "CreateChild"
Associer cet objet à sa propre session utilisateur
Et obtenir les privilèges de domaine admin
👇
https://github.com/logangoins/SharpSuccessor
Mitigation
"Until a formal patch is released by Microsoft, defensive efforts should focus on limiting the ability to create dMSAs and tightening permissions wherever possible."
Limiter les droits "CreateChild" :
Réviser les permissions sur les OU et restreindre la création d’objets aux seuls comptes administratifs de confiance.
Surveiller les créations et modifications de dMSA :
Configurez des audits pour les événements AD pertinents (Event IDs 5136, 5137) afin de détecter toute activité suspecte liée aux dMSA.
Utiliser des outils de détection :
Employer des scripts comme Get-BadSuccessorOUPermissions.ps1 ( https://github.com/akamai/BadSuccessor ) pour identifier les comptes ayant des permissions à risque pour remédiation.
[ dans les news infosec ]
⬇️
"SharpSuccessor PoC Released to Weaponize Windows Server 2025 BadSuccessor Flaw"
👇
https://gbhackers.com/sharpsuccessor-poc-released/
#Badsuccessor Nachlese - noch ein .NET Proof of Concept, um den Missbrauch der d;SA Privilege Escalation unter Windows Server 2025 DCs zu testen.
#BadSuccessor: Abusing #dMSA to Escalate Privileges in Active Directory
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
MT @The_Cyber_News
⚠️ New Attack Exploits dMSA in Windows Server 2025 to Compromise Any Active Directory Users
Read more: https://cybersecuritynews.com/attack-exploits-dmsa-windows-server-2025/
A critical vulnerability in Windows Server 2025 enables attackers to compromise any user in Active Directory, including highly privileged accounts.
