Security

Azure blues: Active Directory Connect has password reset vuln

Attackers can dive out of the cloud to pwn admin passwords

Richard Chirgwin Thu 29 Jun 2017 // 04:55 UTC

Microsoft is warning sysadmins to check their Azure Active Directory Connect configurations and implement a patch against a credential-handling vulnerability.

The bug's in an Active Directory (AD) feature called password writeback. Azure AD can be configured to copy user passwords back to a local AD environment.

A convenience feature, password writeback is designed to simplify password resets, letting users change their local and cloud passwords simultaneously. It supports resets from Office365 and allows admins to push a reset from the Azure portal back to on-premises AD.

And if it's misconfigured, Microsoft writes, it can be vulnerable to attackers forcing resets to get access to a user's new password.

“When setting up the permission, an on-premises AD Administrator may have inadvertently granted Azure AD Connect with Reset Password permission over on-premises AD privileged accounts (including Enterprise and Domain Administrator accounts).”

A malicious cloud admin can therefore force resets of on-premises AD accounts – including those of admin-level users – and force the reset to a password of the attacker's choice. That would then get written back to the victim's local environment, and presto, the target's pwned.

Microsoft has patched the issue in this update to Azure AD Connect. ®

3 Comments

Broader topics

Narrower topics

Corrections Send us news

Other stories you might like

Despite growth, questions remain over whether SAP can get customers off-prem fast enough to appease investors

€500m cloud investments drag on profit

Lindsay Clark Fri 28 Jan 2022 // 16:47 UTC

SAP's operating profit has fallen 45 per cent year-on-year in the fourth calendar quarter pf 2021 to €1.47bn as cloud investments drag on profitability.
Despite boasting 17 per cent growth in cloud revenue to £9.4bn, the full-year results also show the pain involved as one of the world's largest software vendors attempts to transition to a new business model.
On a call with investors, CEO Christian Klein said: "These are very strong results during a challenging time for most businesses. They demonstrate the confidence our customers have in SAP and in the unique value we offer in helping them address an unprecedented set of challenges. We are optimistic about the year ahead and we are well on track to achieving our 2025 ambitions."

Continue reading
New tools to simplify wrapping your head around Kubernetes

Where to begin when you're ready to get your K8s on

Liam Proven in Prague Fri 28 Jan 2022 // 15:15 UTC

Engineer Nelson Elhage offers several reasons Kubernetes is so complex but this does at least mean that multiple companies offer tools to try to help you master it.
The Google-backed container-management system is famously difficult, even to spell or pronounce. (It's often called "k8s" for short: since "kubernetes" is 10 letters long, "k8s" signifies "k" + eight letters + "s", and is pronounced "kates".) The Mountain View mammoth even commissioned a comic to explain what it is. (It's long, but quite good.)
K8s is a set of tools for managing clusters – but not everyone has a spare cluster lying around that they can play with.

Continue reading
ISO.org outage hits day 3: Still in the dark as the important matter of bunk bed standards enters discussion

Time to get out ISO 22300:2021, Security and resilience – Vocabulary

Richard Speed Fri 28 Jan 2022 // 14:16 UTC

The great International Organization for Standardization outage is entering its third day as consultants find themselves bereft of technical documents with which to beat engineers.
Problems first appeared as 26 January drew to a close and the organisation noted: "We are currently facing a technical outage impacting our application's availability and performance. This outage is under investigation."
The following day brought good news. At 0822 CET on 27 January the group announced it had identified the issue (something to do with IT infrastructure) and a couple of hours later reported that some applications were being brought back up.

Continue reading

Capita offloads Microsoft licensing biz Trustmarque to private equity for £110m

Remainder of Capita's Portfolio of unwanted businesses to be expunged by year end, says CEO

Paul Kunert Fri 28 Jan 2022 // 13:45 UTC

Capita is again clearing out another of the previous CEO’s past conquests with confirmation this morning that it is offloading software licensing and hardware reseller Trustmarque to One Equity Partners for £111m.
Readers will no doubt be delighted to hear that the sale represents a good earner for Capita, everyone's fave outsourcing badass, which paid £57m for Trustmarque in 2016. Not all of Capita's other past divestments have proved as financially nourishing.
"We are pleased to have agreed the sale of Trustmarque to One Equity Partners following a competitive sales process," said Jon Lewis, who grabbed the controls of what appeared to be a slowly sinking ship in December 2017.

Continue reading
Internet Society condemns UK's Online Safety Bill for demonising encryption using 'think of the children' tactic

Plus: Cops' surveillance is used against drug gangs and not child abusers, says Tutanota

Gareth Corfield Fri 28 Jan 2022 // 12:56 UTC

Britain's controversial Online Safety Bill will leave Britons more exposed to internet harms than ever before, the Internet Society has said, while data from other countries suggests surveillance mostly isn't used to target child abusers online, despite this being a key cited rationale of linked measures.
Government efforts to depict end-to-end encryption as a harm that needs to be designed out of the internet as it exists today will result in "fraud and online harm" increasing, the Internet Society said this week.
Founded by Vint Cerf and Bob Kahn, the Internet Society is one of the oldest and most well-respected institutions guiding the path of the public internet today. Its cry against the draconian Online Safety Bill (aka Online Harms Bill) should cause policymakers to sit up and pay attention.

Continue reading
HPE has 'substantially succeeded' in its £3.3bn fraud trial against Autonomy's Mike Lynch – judge

All eyes turn to Priti Patel as midnight extradition deadline looms

Gareth Corfield Fri 28 Jan 2022 // 11:50 UTC

Updated Hewlett Packard Enterprise "substantially succeeded" in its multi-billion pound lawsuit against Autonomy founder Mike Lynch for fraud over that company's accounts.
Giving a summary of his full judgment this morning, trial judge Mr Justice Hildyard said that HPE "substantially succeeded" in its case. The full financial damages are yet to be announced publicly.
The finding is a massive victory for HPE, which saw its corporate reputation dragged through the mud during the trial as queues of ex-execs testified they didn't read due diligence documents before agreeing to the deal.

Continue reading

UK government responds to post-Brexit concerns and of course it's all the fault of those pesky EU negotiators

'Incalculable cost' of non-participation in Horizon programme 'continues to rise'

Richard Speed Fri 28 Jan 2022 // 11:45 UTC

The UK's European Scrutiny Committee has published the government's response to concerns over the Brexit divorce bill and the impact on the UK's participation in EU programmes.
The original report turned up in October 2021 and highlighted the costs incurred as Brexit negotiations went on. The UK was given the nod for participation in the likes of Horizon (the EU's big research fund) and Copernicus (the EU's Earth Observation programme), however approval allowing UK entities to actually bid is still lacking.
The maximum financial endowment of Horizon Europe is €95.5bn. Copernicus was reported as being €5.4bn in the original report. The majority of the UK's contribution to these and other programmes would normally have been expected to flow back into Blighty's coffers. But these are not normal times.

Continue reading
Crack team of boffins hash out how e-scooters should sound – but they need your help*

*They're probably fine

Richard Currie Fri 28 Jan 2022 // 11:03 UTC

Poll Boffins from UCL's Person-Environment-Activity Research Laboratory (PEARL) have linked arms with London e-scooter providers to decide on a "universal sound" for the silent but deadly transport mode.
It remains illegal in the UK to use a privately owned battery-powered deathtrap, but that hasn't stopped the great unwashed – as anyone who has suddenly had to dive off the path during a parkland walk will tell you.
However, to allow the craze in a regulated environment, rental firms have been popping up all over the country – including TIER, Lime and Dott in London – as evidenced by the amount of scooters cluttering pedestrian walkways or, indeed, the local river.

Continue reading
How to get banned from social media without posting a thing

Mme D finally takes to the Web 2.0 stage and becomes a bad actor

Alistair Dabbs Fri 28 Jan 2022 // 10:17 UTC

Something for the Weekend, Sir? "Is it in yet?"
There you go! It's working now! "There's no need to push it," I explain calmly. "Just put it right here and it should insert itself automatically, see?"
Mme D is trying to connect two social media accounts so she won't have to upload the same photo twice. Frankly, she doesn't even want to upload it once. She'd rather not have to deal with it at all.

Continue reading
BOFH: On Wednesdays, we wear gloves

In which Simon meets the new accountant

Simon Travaglia Fri 28 Jan 2022 // 09:30 UTC

Episode 2
>Ding!< >shudder<
"Hi there – it's Gary isn't it?" I ask, stepping into the lift. "One of our new breed of beancounters?"

Continue reading
Bouncing cheques or a bouncy landing? All in a day's work for the expert pilot

Sure, you can program an autopilot but will you be defeated by a Dell?

Richard Speed Fri 28 Jan 2022 // 08:31 UTC

On Call Some users are less than bright, and some are just slightly dim. But few are quite as dim as this high-flying employee of the world's formerly favourite airline. Welcome to On Call.
Today's story of tribulation by telephone comes from "James" (for that is not his name). It takes us back 10 years or so, when James was making a nice enough living as a self-employed computer repair person. Got a busted bit of kit? He was the local man to see.
"I had replaced a screen in a Dell laptop for a new customer who lived in a nice area, with a rather large house," he told us.

Continue reading

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Do not sell my personal information Cookies Privacy Ts&Cs

Topics

Resources

Situation Publishing

Get our Weekly newsletter

Security

Azure blues: Active Directory Connect has password reset vuln

Attackers can dive out of the cloud to pwn admin passwords

Similar topics

Broader topics

Narrower topics

Other stories you might like

Despite growth, questions remain over whether SAP can get customers off-prem fast enough to appease investors

New tools to simplify wrapping your head around Kubernetes

ISO.org outage hits day 3: Still in the dark as the important matter of bunk bed standards enters discussion

Capita offloads Microsoft licensing biz Trustmarque to private equity for £110m

Internet Society condemns UK's Online Safety Bill for demonising encryption using 'think of the children' tactic

HPE has 'substantially succeeded' in its £3.3bn fraud trial against Autonomy's Mike Lynch – judge

UK government responds to post-Brexit concerns and of course it's all the fault of those pesky EU negotiators

Crack team of boffins hash out how e-scooters should sound – but they need your help*

How to get banned from social media without posting a thing

BOFH: On Wednesdays, we wear gloves

Bouncing cheques or a bouncy landing? All in a day's work for the expert pilot

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

SIGN UP TO OUR DAILY NEWSLETTER