Share This Post

Azure / Patch Management / Patch Tuesday

Microsoft Releases New Azure AD Connect to Plug Security Hole

With cloud use becoming more prevalent, unknown security issues will abound.

Microsoft is now warning customers using its Azure AD Connect tool should upgrade quickly to a new version it has released. The old version has a security vulnerability that allows Elevation of Privilege.

Microsoft Security Advisory 4033453

The update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.

The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect by not allowing arbitrary password reset to on-premises AD privileged user accounts.

The most current version of the tool (with the vulnerability fixed) is available for download here: Microsoft Azure Active Directory Connect

Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

IT/Dev Connections

Share This Post

Leave a Reply