BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory

Yuval Gordon is a Security Researcher at Akamai. His research is focused on offensive security and identity-based attack vectors.

By abusing dMSAs, attackers can take over any principal in the domain.

Executive summary

Akamai researcher Yuval Gordon discovered a privilege escalation vulnerability in Windows Server 2025 that allows attackers to compromise any user in Active Directory (AD).

The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement.

This issue likely affects most organizations that rely on AD. In 91% of the environments we examined, we found users outside the domain admins group that had the required permissions to perform this attack.…