Privilege Escalation Flaw Found in Windows Active Directory Domain Services

Microsoft has released a critical security update addressing CVE-2025-29810, an elevation of privilege vulnerability affecting Active Directory Domain Services (AD DS).

The flaw, disclosed as part of the April 2025 Patch Tuesday rollout on April 8, could allow attackers to gain unauthorized system-level access across enterprise networks.

Vulnerability Details

CVE-2025-29810 stems from improper access control mechanisms within AD DS, which serves as the foundation of Windows network security infrastructure in enterprise environments.

The vulnerability carries a CVSS score of 7.5 (base) and 6.5 (temporal), indicating a significant security risk despite its high attack complexity.

“Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network,” stated Microsoft in their executive summary.

Security researchers note that an authenticated user with limited privileges could potentially exploit this vulnerability to gain SYSTEM-level access, effectively compromising entire domains.

The vulnerability affects multiple Windows Server versions, including Server 2008, 2012, 2016, 2022, and the recently released Windows Server 2025.

Desktop systems running various Windows 10 and Windows 11 versions are also impacted.

Technical Assessment

According to Microsoft’s documentation, the vulnerability has a CVSS vector string of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C.

While the attack vector is network-based, exploitation requires high complexity, meaning attackers would need to gather environment-specific information and perform additional preparatory actions before successful exploitation.

Security experts compare this vulnerability to previous AD DS flaws, such as the 2022 privilege escalation vulnerability (CVE-2022-26923) that allowed domain users to escalate privileges by manipulating machine certificates issued by Active Directory Certificate Services.

“This new vulnerability follows a similar pattern where access control failures can lead to privilege escalation, potentially allowing attackers to perform domain controller synchronization attacks,” explained a cybersecurity researcher familiar with Active Directory vulnerabilities.

Patch Availability

Microsoft has released security updates for most affected systems, with KB numbers including 5055523 for Windows 11 Version 24H2, 5055521 for Windows Server 2016, and 5055528 for Windows 11 Version.

However, Microsoft noted that “The security update for Windows 10 for x64-based Systems and Windows 10 for 32-bit Systems are not immediately available.

The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information.”

Broader Context

This vulnerability is part of Microsoft’s April 2025 Patch Tuesday, which addressed a total of 134 security flaws across the company’s product lineup.

Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System driver, was reportedly being actively exploited before patching.

The AD DS vulnerability was discovered by security researcher Matthieu Buffet, whom Microsoft acknowledged through its coordinated vulnerability disclosure program.

Recommendations

Security professionals recommend that organizations prioritize testing and deploy these security updates immediately, particularly for domain controllers and other critical infrastructure components.

Until patches can be applied, enhanced monitoring of Active Directory activities and implementation of strict privilege limitations are advised as temporary mitigation measures.

Organizations should also conduct comprehensive reviews of their Active Directory permissions to ensure adherence to the principle of least privilege as part of a broader security strategy.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates