Azure AD Connect – Potential vulnerability in version 1.3.20.0

A vulnerability in Azure Active Directory Connect (Azure AD Connect), the directory synchronization tool for Office 365/Azure AD, version 1.3.20.0 (the latest one released last late April) has been found.

This vulnerability may lead to an elevation of privileges, under specific conditions, allowing an attacker to execute 2 PowerShell cmdlets in the context of a privileged account.

Details are available here https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1000

A new version of Azure AD Connect is under way to fix this issue; stay tuned.

UPDATE the new version 1.3.21.0 is available from download here http://www.microsoft.com/en-us/download/details.aspx?id=47594

Leave a Comment

Your email address will not be published. Required fields are marked *