Microsoft Security Advisory 4033453
Vulnerability in Azure AD Connect Could Allow Elevation of Privilege
Published: June 27, 2017
Version: 1.0
Microsoft is releasing this security advisory to inform customers that a new version of Azure Active Directory (AD) Connect is available that addresses an Important security vulnerability.
The update addresses a vulnerability that could allow elevation of privilege if Azure AD Connect Password writeback is misconfigured during enablement. An attacker who successfully exploited this vulnerability could reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts.
The issue is addressed in the latest version (1.1.553.0) of Azure AD Connect, which no longer allows arbitrary password resets of on-premises AD privileged user accounts.
https://technet.microsoft.com/library/security/4033453.aspx?f=255&MSPPError=-2147217396