SecurityWeek

Cloud Security

Microsoft Fixes Privilege Escalation Flaw in Azure AD Connect

Microsoft has released an update for Azure Active Directory (AD) Connect to address an “important” vulnerability that can be exploited to hijack the accounts of privileged users.

Azure AD Connect is a tool that allows organizations to integrate their on-premises identity infrastructure with Azure AD. One feature of Azure AD Connect is “password writeback,” which allows users to easily reset their on-premises passwords by configuring Azure AD to write passwords back to the on-premises AD.

The problem, according to Microsoft, is that the password writeback feature may not be configured properly during enablement. A malicious Azure AD administrator can set the password of an on-premises AD account belonging to a privileged user to a known value and gain access to that account.

“To enable Password writeback, Azure AD Connect must be granted Reset Password permission over the on-premises AD user accounts. When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts),” Microsoft explained in its advisory.

This privilege escalation vulnerability is tracked as CVE-2017-8613 and it has been resolved by preventing password resets to privileged on-premises accounts.

Microsoft has provided detailed instructions on how organizations can check if they are affected. Users have been advised to update to version 1.1.553.0 of Azure AD Connect or apply mitigations suggested by the vendor.
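A defender-side check for the condition described above, as an added example that is not from this article or from Microsoft's advisory: given the SDDL security descriptor of a privileged on-premises account, it lists the allow ACEs that give one trustee the Reset Password extended right. The connector SID and both SDDL strings are constructed samples; group membership and deny ACEs are not evaluated.

```python
import re

# Constructed sample values (assumptions, not from the article or the advisory).
CONNECTOR_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
RESET_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529"  # User-Force-Change-Password
CONTROL_ACCESS = 0x100      # SDDL "CR": extended (control access) rights
GENERIC_ALL = 0x10000000    # SDDL "GA"
TOKENS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000, "GA": 0x10000000}

def rights_mask(rights):
    """Turn an SDDL rights field (hex or two-letter tokens) into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for tok in re.findall("..", rights):
        mask |= TOKENS.get(tok, 0)
    return mask

def reset_password_aces(sddl, trustee_sid):
    """List allow ACEs that let trustee_sid reset the password of this object."""
    dacl = sddl.partition("D:")[2].partition("S:")[0]
    hits = []
    for ace in re.findall(r"\(([^()]*)\)", dacl):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, obj_guid, _, sid = fields[:6]
        if ace_type not in ("A", "OA") or sid != trustee_sid:
            continue
        if "IO" in re.findall("..", flags):  # inherit-only: not effective here
            continue
        # An empty object GUID with CR means every extended right.
        covers_reset = obj_guid == "" or obj_guid.lower() == RESET_PASSWORD
        if covers_reset and rights_mask(rights) & (CONTROL_ACCESS | GENERIC_ALL):
            hits.append("(" + ace + ")")
    return hits

# Constructed DACLs: one with an effective ACE, one where it is inherit-only.
RISKY = ("O:DAG:DAD:PAI(A;;RPLCLORC;;;AU)"
         "(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)"
         "(OA;;CR;" + RESET_PASSWORD + ";;" + CONNECTOR_SID + ")")
SAFE = ("O:DAG:DAD:PAI(A;;RPLCLORC;;;AU)"
        "(OA;CIIO;CR;" + RESET_PASSWORD + ";;" + CONNECTOR_SID + ")")

if __name__ == "__main__":
    for name, sddl in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(name, reset_password_aces(sddl, CONNECTOR_SID))
```
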

Last week, Microsoft informed users that it patched yet another remote code execution vulnerability in its Malware Protection Engine. The flaw, discovered by Tavis Ormandy of Google Project Zero, could have been exploited to take control of a targeted system.

Ormandy and other Project Zero researchers identified several vulnerabilities in the Malware Protection Engine in the past weeks, including remote code execution and denial-of-service (DoS) flaws.

Related Reading: Microsoft Patches Many Exploited, Disclosed Flaws

Related Reading: Microsoft Issues Emergency Patch in Response to Massive Ransomware Outbreak

Related Reading: Microsoft Patches Windows Flaws Exploited in Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
