Site icon VMVirtualMachine.com

Microsoft Active Directory Domain Services Vulnerability Let Attackers Escalate Privileges

Microsoft Active Directory Domain Services Vulnerability Let Attackers Escalate Privileges

By Abinaya
Publication Date: 2026-03-11 13:30:00

An “Important” security update released on March 10, 2026, addresses a high-severity flaw in Active Directory Domain Services (AD DS).

Tracked as CVE-2026-25177, this vulnerability has a CVSS score of 8.8. It allows authorized network attackers to elevate their privileges to full SYSTEM control.

This Elevation of Privilege flaw stems from an improper restriction on file and resource names (CWE-641).

The attack operates entirely over the network, requires minimal privileges, has low attack complexity, and requires no user interaction. It heavily impacts the confidentiality, integrity, and availability of the system.

Active Directory Domain Services Vulnerability

The exploit occurs when an attacker uses specially crafted Unicode characters to create duplicate Service Principal Names (SPNs) or User Principal Names (UPNs).

These hidden characters successfully bypass normal Active Directory security checks meant to stop duplicates.​ To…

Exit mobile version