back to article Azure blues: Active Directory Connect has password reset vuln

Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability. The bug's in an Active Directory (AD) feature called password writeback. Azure AD can be configured to copy user passwords back to a local AD environment. A convenience …

  1. Chika

    Azure do!

    1. Captain DaFt


  2. DougMac

    Well, duh

    >When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts..

    Because how to prevent that is missing in the docs altogether.

    Microsoft tends to document sparsely, and only "ideal" setups, without telling you generally how to get to that "ideal" state. So generally only the Windows admins that are super-well versed/trained in the microsoft waydo things the way the Microsoft devs assume the rest of the world does, leaving everybody else floundering around.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019