Did You Know: Azure Active
Directory Connect Vulnerability

By David Mobley, Senior IAM & Information Security Consultant, MDS.

On 12/12/2017, Microsoft released a security advisory for all users who are currently using Azure Active Directory Connect.

This security alert details a specific vulnerability for the account created to install and administer the application. The account was created with settings that allowed a user with password administrator rights the ability to change the password to a value known to them. This allowed you to sign in using this account, and this would constitute an elevation of privilege.

Microsoft has provided a new version of Azure AD Connect that fixes this issue, as well as a PowerShell script that changes to permissions of this account to close this vulnerability. You can see more information on Security Hotfix for Azure AD Connect and Security Advisory.

Maureen Data Systems can help you close this vulnerability and run a full security assessment to keep you safe from other potential threats.

Please contact us at contactus@mdsny.com to set up an appointment to talk to one of our cybersecurity experts.

Pulling the plug doesn't have to be your only security solution.

Don't become part of a rising statistic -- ensure your company is armed against a security hack.