Jerusalem, 17 July, 2025 (TPS-IL) — Israeli cybersecurity company Semperis has uncovered a major vulnerability in Windows Server 2025 that could expose millions of systems to attack. The flaw, dubbed “Golden dMSA,”, affects delegated Managed Service Accounts and enables attackers to gain undetectable, persistent access across Active Directory environments.

Semperis researcher Adi Malyanker developed a tool, GoldenDMSA, to simulate the exploit and help defenders better understand the threat.

“This design flaw could allow attackers to generate service account passwords and persist undetected,” said Malyanker.