Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability. The bug is in an Azure AD Connect feature called password writeback: Azure AD can be configured to copy user password changes back to the local, on-premises Active Directory (AD) environment. Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, commented below.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:
“Azure AD Connect allows a customer to use an ‘all-in-one’ domain account to access on-premise applications in the internal infrastructure as well as many cloud services (Office 365, Microsoft Azure etc.). So, if an attacker gains unauthorized access to some on-premise AD user account, he can get access to cloud services as well. It is also possible to configure backward synchronization. This means that any changes (for example, password changes) made in the cloud (Azure AD) would be made in the on-premise infrastructure, too, so an attacker with cloud access will get access to your internal applications. This is the main security problem with clouds – their ads say you’ll get access to all your data anytime from anywhere… but the same universal access can be used by hackers, too.”
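The configuration check Microsoft is asking administrators to make comes down to two questions on each Azure AD Connect server: which build is installed, and is password writeback switched on. The script below is an added example written for this page, not code from Microsoft, Positive Technologies or the article; it is meant to be run in an elevated PowerShell session on the sync server. It assumes that `Get-ADSyncAADCompanyFeature` from the ADSync module exposes a `PasswordWriteBack` property and that the AD connector's connectivity parameters carry the service account under the key `forest-login-user`; the fixed build number is not given on this page, so the script only reports the version for comparison against Microsoft's advisory.

```powershell
# Added example (not from the article): inventory an Azure AD Connect server
# for the two facts that matter here, installed version and whether password
# writeback is enabled. Run elevated on the sync server itself.
Import-Module ADSync -ErrorAction Stop

# 1. Installed product version, read from the standard Uninstall registry
#    entries, so it can be compared against the patched build in the advisory.
$aadc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName -like 'Microsoft Azure AD Connect*' } |
    Select-Object -First 1 DisplayName, DisplayVersion

# 2. Tenant-level optional features as the sync engine sees them.
#    Assumption: the object carries PasswordWriteBack and PasswordHashSync
#    boolean properties, as in current ADSync module builds.
$features = Get-ADSyncAADCompanyFeature

# 3. The on-premises AD DS connector account. Writeback is performed with this
#    account's delegated rights, so its scope is what a cloud-side compromise
#    would inherit. Assumption: the connectivity parameter key is 'forest-login-user'.
$adConnector = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' } | Select-Object -First 1
$connectorAccount = if ($adConnector) { $adConnector.ConnectivityParameters['forest-login-user'].Value } else { 'n/a' }

[pscustomobject]@{
    Product           = $aadc.DisplayName
    Version           = $aadc.DisplayVersion
    PasswordWriteback = [bool]$features.PasswordWriteBack
    PasswordHashSync  = [bool]$features.PasswordHashSync
    ConnectorAccount  = $connectorAccount
}

if ($features.PasswordWriteBack) {
    Write-Warning "Password writeback is enabled. Confirm Version is at or above the build named in Microsoft's advisory, and review the Reset Password / Change Password rights delegated to $connectorAccount in on-premises AD."
}
```

The point of the warning line is the one Galloway makes: with writeback on, the reach of a cloud-side account compromise is bounded by what the connector account is allowed to reset on-premises, so that delegation, not only the patch level, is what to review.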