Microsoft has released an urgent patch for a serious security flaw—CVE-2025-29810—affecting Windows Active Directory Domain Services (AD DS). This vulnerability allows attackers to escalate privileges and potentially take full control of a network domain.
Rated 7.5 (Important) on the CVSS v3.1 scale, the flaw impacts Windows Server 2016 through 2025 editions and stems from improper access control (CWE-284).
Windows Active Directory flaw CVE-2025-29810 at a Glance:
- CVE ID: CVE-2025-29810
- Published: April 8, 2025
- Severity: Important (CVSS 7.5)
- Impact: Full domain compromise via privilege escalation
- Fix: Apply the April 2025 security update (KB5036789)
How the Exploit Works:
- Attacker uses phishing or stolen credentials to access the network.
- Misconfigured AD permissions are exploited to gain higher access.
- Privileges are escalated to Domain Admin, allowing full control, data theft, or ransomware attacks.
Microsoft Update:
- The issue hasn’t been exploited in the wild yet.
- A patch is included in the April 2025 Windows Server update.
Recommended Actions:
- Patch Immediately – Apply the April 2025 update.
- Audit AD Permissions – Use tools like ACL Scanner to find weak spots.
- Enforce Zero Trust – Isolate networks and require multi-factor authentication.
- Monitor Logs – Look for suspicious changes in account privileges.
Cybersecurity expert Priya Sharma (CERT-In) warns, “This vulnerability breaks the trust model of Active Directory. Delays in patching could lead to major breaches.”
Active Directory continues to be a top target, with a 30% increase in AD-related attacks since 2023 (Microsoft Digital Defense Report). Detection rules in Azure Sentinel and Defender for Identity have been updated to spot this threat.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment