Semperis and Akamai partner​​

​​

AI-powered identity security and cyber resilience leader, Semperis announces new detection capabilities in its Directory Services Protector (DSP) platform to defend against “BadSuccessor”, a high-severity privilege escalation technique targeting a newly introduced feature in Windows Server 2025.

Developed in direct collaboration with the Akamai research team that discovered the vulnerability, the enhancements to the Semperis DSP platform includes one new Indicator of Exposure (IOE) and three Indicators of Compromise (IOCs) to help security teams to spot excessive delegation rights, malicious linkages between dMSAs and privileged accounts, and attempts to target sensitive accounts like KRBTGT.   This enables organizations to detect and respond to exploitation attempts before attackers can escalate privileges and compromise the domain.

BadSuccessor exploits delegated Managed Service Accounts (dMSAs), a new Windows Server 2025 feature meant to improve service account security.  “Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact,” says Yuval Gordon, Security Researcher, Akamai.  “The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call.”

“Service accounts remain one of the least governed yet most powerful assets in enterprise environments,” adds Tomer Nahum, Security Researcher, Semperis.  “This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit.”

The vulnerability affects any organization with at least one domain controller running Windows Server 2025.  Even a single misconfigured DC can introduce risk across the environment.  Until a patch is released, organizations are urged to audit dMSA permissions and monitor for signs of misuse using enhanced detection tools like Semperis DSP.

More on BadSuccessor abuse can be found here.