Wednesday, June 28, 2017

Security Vulnerability in Azure AD Connect

If you have recently upgraded your DirSync synchronization tool to Azure AD Connect to get your contacts up to Office 365, you will need to do it again.

An exploit in the new Microsoft cloud synchronization tool has just been discovered which allows elevation of permissions.  This exploit allows an attacker to reset the password to an on-premises Active Directory account and gain privileged access such as Domain Admin over a companies domain.

The exploit is in the "Password write back is a component of Azure AD Connect" which needs to be enabled for this exploit to work.

A write-up of this security vulnerability can be found here:

https://technet.microsoft.com/library/security/4033453.aspx?f=255&MSPPError=-2147217396

Luckily most my customers are still using DirSync and are not affected by this vulnerability.

For a comparison between DirSync and Azure AD Connect please see:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-hybrid-identity-design-considerations-tools-comparison

No comments:

Post a Comment