Cybersecurity researchers have disclosed what they say is a « critical design flaw » in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025.
« The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely, » Semperis said in a report shared with
