Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

by Michael Trantas
Senior Solutions Architect

Microsoft has recently identified a new vulnerability that allows an attacker to establish a man-in-the-middle exploit between your local Azure AD Connect server and a domain controller. This is especially important because exploiting it requires only that the attacker possess a set of domain user credentials, which can easily be updated with elevated privileges; this user can be a service account, vendor account or generic user account, all of which can easily be overlooked or obtained through some form of social engineering.

While Microsoft has not reported any occurrences of this vulnerability being exploited in the wild, it recommends that engineers apply the update to their Microsoft Azure Active Directory Connect 2.0.x instance, 1.0.x instance and/or their Azure Active Directory Connect Provisioning Agent to prevent this exploit.
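Before applying the update it helps to know exactly which Azure AD Connect components are installed on each sync server and at what version. The following PowerShell inventory check is an added example and is not part of the original post; it assumes the components are registered under the standard Windows Uninstall registry keys with a DisplayName containing "Azure AD Connect" (which covers both the sync service and the Provisioning Agent), and it takes the fixed build number as a parameter, since the post does not state one.

```powershell
# Added example, not from the original post.
# Lists installed Azure AD Connect components and flags any below the
# patched build. Assumptions: components are registered under the standard
# Uninstall keys, and their DisplayName contains "Azure AD Connect".
function Get-AadConnectInventory {
    param(
        # Placeholder: supply the fixed build from Microsoft's advisory.
        # Left unset, NeedsUpdate is reported as 'unknown' rather than guessed.
        [version]$MinimumPatchedVersion
    )

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Azure AD Connect*' } |
        ForEach-Object {
            $installed = [version]$_.DisplayVersion

            # 1.0.x and 2.0.x are the affected lines named in the post;
            # the branch column makes it obvious which one a server is on.
            $branch = '{0}.{1}.x' -f $installed.Major, $installed.Minor

            $needsUpdate = if ($MinimumPatchedVersion) {
                $installed -lt $MinimumPatchedVersion
            } else {
                'unknown'
            }

            [pscustomobject]@{
                Component   = $_.DisplayName
                Version     = $installed
                Branch      = $branch
                NeedsUpdate = $needsUpdate
            }
        }
}

# Usage (run elevated on each Azure AD Connect / Provisioning Agent server):
# Get-AadConnectInventory -MinimumPatchedVersion '<fixed build from advisory>' |
#     Format-Table -AutoSize
```

Run it against every server that hosts a sync instance or a Provisioning Agent, not just the active one; staging-mode servers are easy to forget and carry the same component.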

Helient strongly recommends that thorough testing be performed before rolling out this fix to production systems, and is available to assist anyone needing help. Additionally, Helient recommends that the usernames and passwords of all privileged accounts be secured in a software vault protected with two-factor authentication.

If you would like assistance planning and remediating this vulnerability in your environment, please contact our experts at service@helient.com.