Did You Know: Azure Active
Directory Connect Vulnerability
By David Mobley, Senior IAM & Information Security Consultant, MDS.
On 12/12/2017, Microsoft released a security advisory for all users who are currently using Azure Active Directory Connect.
This security alert details a specific vulnerability for the account created to install and administer the application. The account was created with settings that allowed a user with password administrator rights the ability to change the password to a value known to them. This allowed you to sign in using this account, and this would constitute an elevation of privilege.
Microsoft has provided a new version of Azure AD Connect that fixes this issue, as well as a PowerShell script that changes to permissions of this account to close this vulnerability. You can see more information on Security Hotfix for Azure AD Connect and Security Advisory.
Maureen Data Systems can help you close this vulnerability and run a full security assessment to keep you safe from other potential threats.
Please contact us at firstname.lastname@example.org to set up an appointment to talk to one of our cybersecurity experts.