A recently patched Windows exploit lets anyone with a network connection obtain full access to the Active Directory domain-controller.