Whilst rated 'important', it can be exploited with low attack complexity and requires low privileges.
Microsoft has issued a security advisory regarding a new vulnerability in Active Directory Certificate Services that could allow attackers to perform denial-of-service attacks over a network.
The vulnerability, identified as CVE-2025-29968, affects multiple versions of Windows Server and has been assigned an “Important” severity rating with a CVSS score of 6.5/5.7, according to Cybersecurity News.
The security flaw stems from improper input validation in Active Directory Certificate Services (AD CS), a critical Windows role that enables organisations to issue and manage digital certificates for internal security purposes.
When exploited, attackers can cause AD CS to become unresponsive, potentially disrupting authentication processes, secure communications, and other certificate-dependent operations across an organization’s infrastructure.
Low Attack Complexity
According to Microsoft’s security bulletin, the CVSS vector string indicates that this vulnerability can be exploited over a network with low attack complexity and requires low privileges.
Jamie Akhtar, CEO and co-founder at CyberSmart, said: “Given how widely AD CS is deployed, particularly in larger enterprises and public sector bodies, the potential for exploitation is significant. If left unpatched, attackers could use this flaw to escalate privileges and move laterally through a network and gain access to sensitive systems with relative ease.
“The real concern here is that this isn’t a theoretical risk. We’ve seen time and again that vulnerabilities like this are quickly adopted into the toolkits of ransomware gangs and nation-state actors. With AD CS acting as a cornerstone of trust in enterprise environments, any compromise could allow attackers to impersonate users, issue fraudulent certificates, and completely undermine an organisation’s identity and access infrastructure.”
He said this is a vulnerability that shouldn’t be underestimated, and any business running on-prem AD CS should prioritise patching, review who has access to certificate templates, and monitor for any unusual activity related to certificate issuance.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.