This Elevation of Privilege flaw stems from an improper restriction on file and resource names (CWE-641).
The attack operates entirely over the network, requires minimal privileges, has low attack complexity, and requires no user interaction. It heavily impacts the confidentiality, integrity, and availability of the system.
The exploit occurs when an attacker uses specially crafted Unicode characters to create duplicate Service Principal Names (SPNs) or User Principal Names (UPNs).
These hidden characters bypass the normal Active Directory security checks meant to stop duplicates. To launch the attack, an attacker only needs standard permission to write or modify SPNs on an account.
When clients request Kerberos authentication for a targeted service with a duplicate SPN, the domain controller mistakenly issues a ticket encrypted with the wrong key.
The target service then rejects the ticket, causing a denial-of-service (DoS) condition or forcing the network to fall back to older, less secure NTLM authentication if it is still enabled.
No direct access to the targeted server is required beyond the initial SPN-write permission.
A successful exploit grants the attacker full SYSTEM privileges, letting them take complete control of the server and the broader domain environment.
Fortunately, Microsoft currently assesses the exploitability as “Less Likely,” with no public exploit code or active attacks in the wild at the time of publication.
Microsoft and Semperis coordinated to release official security updates to address this flaw. Network administrators must immediately apply these patches to secure their environments.
The updates cover a wide range of operating systems, including Windows 10, Windows 11, and Windows Server editions spanning from 2012 to the latest 2025 releases.
Monitoring Active Directory environments for unusual SPN modifications can also serve as a helpful proactive defense measure.
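One way to audit for the duplicate-name condition described above, as an added example that is not from Microsoft, Semperis or the original article. The article does not say which Unicode characters are involved, so this check conservatively flags any character outside printable ASCII and reports names on different accounts that become identical after normalization. The input is assumed to be an export of (account, SPN or UPN) pairs, and the account names and SPNs below are constructed sample data.

```python
import unicodedata
from collections import defaultdict

def canonical(name):
    """Comparison key: NFKC-normalize, casefold, drop invisible/control/combining chars."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(c for c in folded
                   if unicodedata.category(c) not in ("Cf", "Cc", "Mn"))

def suspicious_chars(name):
    """Code points outside printable ASCII (U+0021..U+007E); none are expected in an SPN."""
    return [f"U+{ord(c):04X}" for c in name if not 0x21 <= ord(c) <= 0x7E]

def audit(records):
    """records: iterable of (account, spn_or_upn). Returns (flagged, collisions)."""
    records = list(records)
    # 1. Any name carrying a non-ASCII or invisible character is worth a manual look.
    flagged = [(acct, name, suspicious_chars(name))
               for acct, name in records if suspicious_chars(name)]
    # 2. Names that differ as raw strings but fold to the same key on
    #    different accounts are the "hidden duplicate" case.
    groups = defaultdict(set)
    for acct, name in records:
        groups[canonical(name)].add((acct, name))
    collisions = {key: sorted(members) for key, members in groups.items()
                  if len({acct for acct, _ in members}) > 1}
    return flagged, collisions

# Constructed sample export (assumption: hypothetical accounts and hosts).
SAMPLE = [
    ("svc-sql", "MSSQLSvc/db01.corp.example:1433"),
    ("svc-web", "HTTP/web01.corp.example"),
    ("jdoe-test", "MSSQLSvc/db01.corp\u200b.example:1433"),  # contains an invisible char
]

if __name__ == "__main__":
    flagged, collisions = audit(SAMPLE)
    for acct, name, chars in flagged:
        print(f"non-ASCII in name on {acct}: {name!r} -> {chars}")
    for key, members in collisions.items():
        print(f"duplicate after normalization: {key}")
        for acct, name in members:
            print(f"    {acct}: {name!r}")
```

Running it on a regular schedule and comparing the output between runs also surfaces newly added names, which fits the SPN-modification monitoring the article recommends.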
The post Microsoft Active Directory Domain Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.