With cloud use becoming more prevalent, unknown security issues will abound.
Microsoft is now warning customers using its Azure AD Connect tool should upgrade quickly to a new version it has released. The old version has a security vulnerability that allows Elevation of Privilege.
The update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.
The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.
The most current version of the tool (with the vulnerability fixed) is available for download here: Microsoft Azure Active Directory Connect
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!