A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.
The flaw allows trusted users with limited or temporary privileges within a domain, such as the ability to change passwords or add users to administrative groups, to escalate privileges,
Microsoft didn’t release a patch to fix the bug, rather it made available a PowerShell script.
For More:
https://threatpost.com/permissions-flaw-found-azure-ad-connect/129170/
No comments:
Post a Comment