
Wednesday, May 15, 2019

AAD Connect 1.3.21.0 fixes two vulnerabilities


AAD Connect version 1.3.21.0 was released today, which fixes an elevation of privilege vulnerability found in version 1.3.20.0. This latest build is a pure security release -- it does not include any new features.
Fixed an elevation of privilege vulnerability that exists in Microsoft Azure Active Directory Connect build 1.3.20.0. This vulnerability, under certain conditions, may allow an attacker to execute two PowerShell cmdlets in the context of a privileged account, and perform privileged actions. This security update addresses the issue by disabling these cmdlets. For more information see security update.
To exploit this vulnerability, an attacker would need to authenticate to the Azure AD Connect server. These cmdlets can be executed remotely only if remote access is enabled on the Azure AD Connect server.

It is recommended to download and install AAD Connect 1.3.21.0 as soon as possible rather than waiting for the auto-upgrade process, which can take several days to run or may be disabled in your environment.
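
To check where a given server stands, the following added example (not from the original post or from Microsoft) reports the installed build against 1.3.21.0, the auto-upgrade state, and whether the WinRM service is running. The function name, the registry display name it filters on, and the use of WinRM as the indicator of remote access are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the Azure AD Connect server.
function Test-AadConnectPatchState {   # hypothetical helper name
    $fixedBuild = [version]'1.3.21.0'  # fixed build named in the post

    # Assumption: the product registers under this display name in the Uninstall key.
    $entry = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' `
                 -ErrorAction SilentlyContinue |
             Where-Object { $_.DisplayName -eq 'Microsoft Azure AD Connect' } |
             Select-Object -First 1

    if (-not $entry) {
        Write-Warning 'Azure AD Connect was not found in the Uninstall registry key.'
        return
    }

    $installed = [version]$entry.DisplayVersion

    # Auto-upgrade state comes from the ADSync module that ships with the product.
    $autoUpgrade = try {
        Import-Module ADSync -ErrorAction Stop
        (Get-ADSyncAutoUpgrade).ToString()
    } catch {
        'Unknown (ADSync module not available)'
    }

    # Assumption: PowerShell remoting over WinRM is the remote access path of interest.
    $winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue

    [pscustomobject]@{
        InstalledBuild = $installed
        FixedBuild     = $fixedBuild
        NeedsUpdate    = $installed -lt $fixedBuild
        AutoUpgrade    = $autoUpgrade
        WinRMStatus    = if ($winrm) { $winrm.Status } else { 'NotInstalled' }
    }
}

Test-AadConnectPatchState | Format-List
```

A result with `NeedsUpdate` set to `True` and `AutoUpgrade` other than `Enabled` means the server will not pick up the fix on its own and needs a manual install.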
