Hackers said to be escalating the privilege in the wild following update delay last week.
Microsoft has issued an emergency patch for its authentication protocol Kerberos, after it found hackers attempting to exploit a bug.
Attackers can abuse the flaw to grant themselves extra privileges, allowing them to remotely compromise any computer within that domain. System admins have been advised to patch their machines.
Chris Goettl, product manager at security vendor Shavlik, said: "The attacker must have a valid domain user account, but with that user account they can forge a Kerberos ticket that will allow them to claim they are a domain administrator.
"From there they can do pretty much what they want from creating accounts to installing software and deleting or changing data."
The fix had been intended for release last week, alongside the regular Patch Tuesday update cycle, but was delayed for reasons yet unknown.
The incident also follows reports from the Microsoft that its Secure Channel (SChannel) patch was causing a fatal transport security layer (TLS) error in certain system configurations, leading services to become unresponsive.
"The update should be worked into your deployment plan this month as the vulnerabilities resolved are severe enough to warrant some urgency," Goettl added.