Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability. The bug is in an Active Directory (AD) feature called password writeback, through which Azure AD can be configured to copy user passwords back to a local AD environment. Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, commented below.

Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:

“Azure AD Connect allows a customer to use an “all-in-one” domain account to access on-premise applications in the internal infrastructure as well as many cloud services (Office365, Microsoft Azure etc.). So, if an attacker gains unauthorized access to some on-premise AD user account, he can get access to cloud services as well. It is also possible to configure backward synchronization. This means that any changes (for example, password changes) made in the cloud (Azure AD) would be made in the on-premise infrastructure, too, so an attacker with cloud access will get access to your internal applications. This is the main security problem about clouds – their ads say you’ll get access to all your data anytime from anywhere… but the same universal access can be used by hackers, too.”
