Vulnerability in AzureAD Connect

Yesterday a vulnerability become known in AzureAD Connect. This join is on if the option Password writeback is configured.

Mt803213.EB9A43C32235251CEBA30763CA023255(en-us,Security.10).png

Through the vulnerability in combination with the generous handing out rights it is possible for an attacker to reset passwords and so access to accounts.

Meanwhile a AzureAD connect update available in which this vulnerability is fixed. It is also to reduce risk by rights for the Password of the account that is used to withdraw writeback.

Microsoft recommend AzureAD connect also to update to version 1.1.553.0 If you are not using the Password Write back option.

More information can be found in Microsoft Security Advisory 4033453. The release notes of version 1.1.553.0 are here ..

Leave a Reply