Microsoft has identified a vulnerability in its Windows Azure Active Directory and has rushed out a patch to take care of the flaw.
For anyone unfamiliar with it, Azure Active Directory (or AD) is used in enterprise systems, where administrators assign passwords to enable employees to access certain cloud-based applications, like Dropbox or Office 365, while using the on-premise systems.
Azure AD Connect acts as a bridge between the identity infrastructure within an organization and Microsoft Azure AD, so that these cloud-based services can be used smoothly.
Microsoft found that there may be instances where system administrators could have inadvertently granted password writeback permission to users of the client systems within the premises.
This is determined to be a possible cause of the vulnerability.
The flaw’s existence could result in an attacker gaining access and resetting an organization’s passwords.
Even the accounts of privileged users like the domain administrators could be taken over and blocked by the attacker. Microsoft has now moved to address this vulnerability.
Microsoft Posts Patch
The tech giant sent an advisory to all system administrators warning them of a possible vulnerability in the Windows suite, advising them to immediately download the update in the form of a patch.
The patch is identified as version 1.1.553.0 of Azure AD Connect, and those who are managing systems in their organizations can use this patch to close the gap.
Any arbitrary permission for password writeback will be blocked once the new patch is installed, and the vulnerability will be taken care of.
Addressing the Vulnerability
As a matter of abundant precaution, Microsoft recommended that administrators run a thorough check on their systems to find out if the Azure AD password writeback permission has been allowed to users in their on-premise systems.
This might have occurred while setting up the various permissions: by oversight, the administrator could have said “yes” or ticked “enable” for the reset password feature instead of “disable.” Only such an action could result in this vulnerability and put the enterprise at risk.
If the new update is installed, the system will block administrators from assigning such permissions and will pop up a question asking whether the command is to be complied with or not.
This will alert the administrator, who can then quickly correct the setting.
Resolving Internal Conflicts
While this recent vulnerability may be approached from the perspective of an external attacker hacking into the system to do mischief, there is also the possibility of a malicious administrator within an organization attempting to do the same.
The new solution offered by Microsoft addresses this eventuality, and the company is sure that the update patch will make the Active Directory safe for the organization and the individual users of on-premise systems.
Detailed Advisory Explains Vulnerability
Microsoft has made it more convenient for system administrators to carry out changes by issuing a detailed advisory, apart from releasing the patch.
In this advisory, the company has given a detailed guide with step-by-step screenshots and explanations to completely kill this vulnerability.
This virtual tutorial is simple to understand and follow, accommodating administrators at all levels of experience.
It outlines ways to initiate remedial steps and, even if an organization’s system is not affected, Microsoft is suggesting that anyone using this system run through the exercise anyway, to ensure their security is intact should any issues arise in the future.
The advisory also includes instructions to handle situations where an administrator is unable to carry out the amendment in the system and make the update functional due to some legacy issues.
The ultimate idea behind the whole exercise is to first identify whether the threat exists, as defined; then remove the threat from the system; and finally address the future vulnerability by updating the Azure Active Directory with the patch issued by the company.
This way, administrators will be able to resolve the vulnerability issue and feel secure.