Hi everyone!

I just thought I’d alert you all to a recent Elevation of Privilege vulnerability that has been identified in Azure AD Connect, Microsoft’s tool to sync Active Directory Domain Services and Azure Active Directory. This vulnerability is described on TechNet.

This vulnerability is especially a concern for environments that take advantage of the Password Writeback feature in Azure AD Connect, a requirement for organisations who wish to use the Self Service Password Reset portal to enable users to reset their password themselves once they have verified who they are using their recovery options.

A user with malicious intentions who is able to successfully exploit this vulnerability could reset passwords to privileged user accounts in ADDS and as a result, potentially gain access to your environment.

Microsoft advises that users upgrade their version of Azure AD Connect to at least 1.1.553.0 as soon as possible. This version addresses the vulnerability by blocking password write-back requests for privileged accounts in ADDS unless the user in Azure AD who is requesting the password reset is the owner of the corresponding account in ADDS. Azure AD Connect uses the adminCount attribute from ADDS to determine whether the account is a privileged account or not.

admincount

You can find more information about this new release of Azure AD Connect on Microsoft Docs.

Hope that helps!

About the author