Microsoft has issued an update for Azure Active Directory (AD) Connect fixing a flaw that could lead to an elevation of privilege.
The vulnerability (CVE-2017-8613) comes into play if AD Connect Password writeback is misconfigured during enablement, Microsoft said in advisory 4033453. If exploited, an attacker could potentially reset passwords and gain access to on-premises AD privileged user accounts. AD Connect version 1.1.553.0, which Microsoft recommends be uploaded immediately, eliminates this issue by not allowing arbitrary password resets to on-premises AD privileged user accounts.
Microsoft wrote that the new version Azure AD: