Microsoft Fixes Privilege Escalation Flaw in Azure AD Connect

Microsoft has released an update for Azure Active Directory (AD) Connect to address an “important” vulnerability that can be exploited to hijack the accounts of privileged users.

Azure AD Connect is a tool that allows organizations to integrate their on-premises identity infrastructure with Azure AD. One feature of Azure AD Connect is “password writeback,” which allows users to easily reset their on-premises passwords by configuring Azure AD to write passwords back to the on-premises AD.

The problem, according to Microsoft, is that the password writeback feature may not be configured properly during enablement. A malicious Azure AD administrator can set the password of an on-premises AD account belonging to a privileged user to a known value and gain access to that account.

“To enable Password writeback, Azure AD Connect must be granted Reset Password permission over the on-premises AD user accounts. When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts),” Microsoft explained in its advisory.

This privilege escalation vulnerability is tracked as CVE-2017-8613 and it has been resolved by preventing password resets to privileged on-premises accounts.

Microsoft has provided detailed instructions on how organizations can check if they are affected. Users have been advised to update to version 1.1.553.0 of Azure AD Connect or apply mitigations suggested by the vendor.
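Microsoft's advisory describes how to check for inadvertent grants; the PowerShell audit below is an added example, not Microsoft's own script. It lists the protected on-premises accounts (adminCount=1), plus the AdminSDHolder template whose ACL is stamped onto them, on which a supplied connector account holds the Reset Password right. It assumes the RSAT ActiveDirectory module is installed, and the connector account name shown is a placeholder you must replace with your own.

```powershell
# Added example (not Microsoft's script): audit which protected on-premises accounts
# grant the Azure AD Connect service account the "Reset Password" right.
Import-Module ActiveDirectory

function Get-ResetPasswordGrants {
    param(
        # Connector account as it appears in ACLs, e.g. 'CONTOSO\MSOL_0123abcd' (placeholder)
        [Parameter(Mandatory)] [string] $ConnectorAccount
    )
    # Extended right "User-Force-Change-Password" (shown as "Reset Password" in the GUI)
    $resetPasswordGuid = [Guid]'00299570-246d-11d0-a768-00aa006e0529'
    $anyObjectGuid     = [Guid]'00000000-0000-0000-0000-000000000000'
    $extendedRight     = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $genericAll        = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

    # Protected accounts carry adminCount=1; AdminSDHolder is the template whose ACL
    # SDProp periodically copies onto them, so a grant there reaches every such account.
    $targets = @(Get-ADUser -LDAPFilter '(adminCount=1)' | Select-Object -ExpandProperty DistinguishedName)
    $targets += 'CN=AdminSDHolder,CN=System,' + (Get-ADDomain).DistinguishedName

    foreach ($dn in $targets) {
        $acl = Get-Acl -Path ("AD:\" + $dn)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.IdentityReference.Value -ne $ConnectorAccount) { continue }

            $rights = $ace.ActiveDirectoryRights
            # Reset is granted through the specific extended right, through "all
            # extended rights" (empty ObjectType GUID), or through GenericAll.
            # Note: -band binds looser than -eq in PowerShell, hence the parentheses.
            $grantsReset = (
                (($rights -band $genericAll) -eq $genericAll) -or
                ((($rights -band $extendedRight) -ne 0) -and
                 ($ace.ObjectType -eq $resetPasswordGuid -or $ace.ObjectType -eq $anyObjectGuid))
            )
            if ($grantsReset) {
                [pscustomobject]@{
                    Object    = $dn
                    Grantee   = $ace.IdentityReference.Value
                    Rights    = $rights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Any rows returned are grants to review and remove before enabling password writeback.
Get-ResetPasswordGrants -ConnectorAccount 'CONTOSO\MSOL_0123abcd' | Format-Table -AutoSize
```

Run it as a domain administrator; an empty result for the connector account means no privileged account (and not the AdminSDHolder template) exposes the Reset Password right to it.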

Last week, Microsoft informed users that it patched yet another remote code execution vulnerability in its Malware Protection Engine. The flaw, discovered by Tavis Ormandy of Google Project Zero, could have been exploited to take control of a targeted system.

Ormandy and other Project Zero researchers identified several vulnerabilities in the Malware Protection Engine in the past weeks, including remote code execution and denial-of-service (DoS) flaws.


Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.