Microsoft has fixed a privilege escalation flaw in Azure Active Directory (AD) Connect. The update addresses a vulnerability rated "important" that attackers could exploit to hijack privileged users' accounts.
The Azure AD Connect tool lets organizations integrate their on-premises identity infrastructure with Azure AD. Its “password writeback” feature gives users the opportunity to easily reset their on-premises passwords by configuring Azure AD to write passwords back to the on-premises AD.
However, Microsoft explains that the problem is that the password writeback feature may be configured improperly when it is enabled. A malicious Azure AD administrator can then set the password of an on-premises AD account belonging to a privileged user to a known value and gain access to that account.
“To enable Password writeback, Azure AD Connect must be granted Reset Password permission over the on-premises AD user accounts. When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts),” the Microsoft advisory states.
This privilege escalation vulnerability, which is tracked as CVE-2017-8613, has been resolved by preventing password resets to privileged on-premises accounts.
Microsoft has published full instructions on how organizations can check whether they are affected. The company also advises users to update to version 1.1.553.0 of Azure AD Connect or to apply the vendor's mitigations.
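One way for an on-premises AD administrator to audit the condition described in the advisory, as an added example that is not Microsoft's published check or part of the original article: the script below lists protected (adminCount=1) accounts on which a given account holds the "Reset Password" extended right. It assumes the RSAT ActiveDirectory module and read access to the directory; the connector account name is a placeholder parameter you must replace with your own Azure AD Connect service account (commonly named MSOL_...).

```powershell
# Added audit script (not from the advisory). Reports privileged on-premises AD users
# on which $ConnectorAccount holds the Reset Password right, directly or via a broader grant.
param(
    # Assumption: replace with your Azure AD Connect on-premises service account.
    [string]$ConnectorAccount = 'MSOL_PLACEHOLDER'
)
Import-Module ActiveDirectory

# Well-known GUID of the User-Force-Change-Password ("Reset Password") control access right.
$ResetPasswordGuid = [guid]'00299570-246d-11d0-a768-00aa006e0529'
# All-zero ObjectType on an ExtendedRight ACE means "all extended rights", which includes Reset Password.
$AllRightsGuid     = [guid]'00000000-0000-0000-0000-000000000000'
$ExtendedRight     = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$GenericAll        = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

$domain  = (Get-ADDomain).NetBIOSName
$subject = "$domain\$ConnectorAccount"

# adminCount=1 marks accounts protected by AdminSDHolder (Domain/Enterprise Admins and similar);
# SDProp stamps the AdminSDHolder ACL onto them, so scanning each user covers that path too.
$privileged = Get-ADUser -Filter 'adminCount -eq 1' -Properties adminCount

$findings = foreach ($user in $privileged) {
    $acl = Get-Acl -Path "AD:\$($user.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -ne $subject) { continue }
        $rights = $ace.ActiveDirectoryRights
        $grantsReset = $rights.HasFlag($GenericAll) -or
            ($rights.HasFlag($ExtendedRight) -and
             ($ace.ObjectType -eq $ResetPasswordGuid -or $ace.ObjectType -eq $AllRightsGuid))
        if ($grantsReset) {
            [pscustomobject]@{
                Account    = $user.SamAccountName
                Rights     = $rights
                ObjectType = $ace.ObjectType
                Inherited  = $ace.IsInherited
            }
        }
    }
}

if ($findings) {
    Write-Warning "Reset Password right granted to $subject on privileged accounts:"
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No Reset Password grants to $subject found on adminCount=1 users."
}
```

Any account reported here is one the connector could reset through password writeback; the advisory's remediation is to remove that grant for privileged accounts or update to the fixed version.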
About a week ago, Microsoft reported that it had patched another remote code execution vulnerability in its Malware Protection Engine. The flaw, found by Tavis Ormandy of Google Project Zero, could have been exploited to take control of targeted computers.
In recent weeks, Project Zero researchers, working with Ormandy, have discovered several vulnerabilities in the Malware Protection Engine, among them denial-of-service (DoS) flaws and the remote code execution bug.