A Privilege Escalation issue has been fixed in Microsoft Azure AD Connect

Azure AD Connect is a tool and guided experience for connecting on-premises identity infrastructure to Microsoft Azure AD. The wizard deploys and configures the prerequisites and components required for the connection, including sync and sign-on.

Microsoft explains the issue (CVE identifier CVE-2017-8613) and says that the password writeback feature may not be configured properly during enablement. Writeback is a component of Azure Active Directory Connect that lets administrators configure Azure AD to write passwords back to users' on-premises AD accounts. It gives users a convenient cloud-based way to reset their on-premises passwords wherever they are.

“To enable Password writeback, Azure AD Connect must be granted Reset Password permission over the on-premises AD user accounts. When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts).”

This configuration is not recommended by Microsoft because it enables a malicious Azure Active Directory Administrator to reset the password of an arbitrary privileged on-premises AD user account to a known value using Password writeback. That in turn gives the malicious Azure AD Administrator privileged access to the customer’s on-premises AD.
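As an added example (not code from the article or from Microsoft), the following PowerShell check lets a domain administrator find protected accounts over which the Azure AD Connect connector account has been granted Reset Password; the connector account name is an assumption passed in as a parameter, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example: audit which privileged on-premises AD accounts the Azure AD Connect
# connector account can reset passwords for. Not the article's or Microsoft's code.
param(
    # Assumed name; Azure AD Connect connector accounts are typically named MSOL_<hex>.
    [Parameter(Mandatory)][string]$ConnectorAccount   # e.g. 'CONTOSO\MSOL_a1b2c3d4e5f6'
)
Import-Module ActiveDirectory

# Well-known GUID of the "Reset Password" (User-Force-Change-Password) extended right.
$ResetPasswordGuid = [Guid]'00299570-246d-11d0-a768-00aa006e0529'

function Test-ResetPasswordAce {
    param([System.DirectoryServices.ActiveDirectoryAccessRule]$Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }
    if ($Ace.IdentityReference.Value -ne $ConnectorAccount) { return $false }
    $rights = $Ace.ActiveDirectoryRights
    # GenericAll implies every extended right; an ExtendedRight ACE with an empty
    # ObjectType grants all extended rights, otherwise it must name Reset Password.
    if ($rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::GenericAll)) { return $true }
    if ($rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight)) {
        return ($Ace.ObjectType -eq [Guid]::Empty -or $Ace.ObjectType -eq $ResetPasswordGuid)
    }
    return $false
}

# adminCount=1 marks accounts protected by AdminSDHolder (Domain/Enterprise Admins, etc.).
$privileged = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties DistinguishedName

# AdminSDHolder's ACL is stamped onto every protected account by SDProp, so a broad
# grant there reaches all privileged accounts; include the container in the scan.
$domainDn = (Get-ADDomain).DistinguishedName
$targets  = @($privileged | ForEach-Object DistinguishedName) + "CN=AdminSDHolder,CN=System,$domainDn"

foreach ($dn in $targets) {
    $acl  = Get-Acl -Path "AD:\$dn"
    $hits = @($acl.Access | Where-Object { Test-ResetPasswordAce $_ })
    if ($hits.Count -gt 0) {
        [pscustomobject]@{
            Object    = $dn
            Rights    = ($hits.ActiveDirectoryRights -join ', ')
            Inherited = ($hits.IsInherited -join ', ')
        }
    }
}
```

Any object reported here is one the connector account could reset a password on; per Microsoft's advice above, the grant should be scoped to non-privileged user OUs only, and the Inherited column shows whether the ACE came from an OU or domain-level delegation rather than the object itself.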

“The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.”
