Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Microsoft Fixes Privilege Escalation Flaw in Azure AD Connect

Microsoft has released an update for Azure Active Directory (AD) Connect to address an “important” vulnerability that can be exploited to hijack the accounts of privileged users.

Microsoft has released an update for Azure Active Directory (AD) Connect to address an “important” vulnerability that can be exploited to hijack the accounts of privileged users.

Azure AD Connect is a tool that allows organizations to integrate their on-premises identity infrastructure with Azure AD. One feature of Azure AD Connect is “password writeback,” which allows users to easily reset their on-premises passwords by configuring Azure AD to write passwords back to the on-premises AD.

The problem, according to Microsoft, is that the password writeback feature may not be configured properly during enablement. A malicious Azure AD administrator can set the password of an on-premises AD account belonging to a privileged user to a known value and gain access to that account.

“To enable Password writeback, Azure AD Connect must be granted Reset Password permission over the on-premises AD user accounts. When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts),” Microsoft explained in its advisory.

This privilege escalation vulnerability is tracked as CVE-2017-8613 and it has been resolved by preventing password resets to privileged on-premises accounts.

Microsoft has provided detailed instructions on how organizations can check if they are affected. Users have been advised to update to version 1.1.553.0 of Azure AD Connect or apply mitigations suggested by the vendor.

Last week, Microsoft informed users that it patched yet another remote code execution vulnerability in its Malware Protection Engine. The flaw, discovered by Tavis Ormandy of Google Project Zero, could have been exploited to take control of a targeted system.

Ormandy and other Project Zero researchers identified several vulnerabilities in the Malware Protection Engine in the past weeks, including remote code execution and denial-of-service (DoS) flaws.

Related Reading: Microsoft Patches Many Exploited, Disclosed Flaws

Related Reading: Microsoft Issues Emergency Patch in Response to Massive Ransomware Outbreak

Related Reading: Microsoft Patches Windows Flaws Exploited in Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.