This Microsoft Entra vulnerability could be catastrophic


As businesses around the world have shifted their digital infrastructure over the past decade from self-hosted servers to the cloud, they have benefited from the standard, built-in security features of major cloud providers such as Microsoft. But with so much riding on these systems, if something goes wrong, the consequences can be catastrophic on a huge scale. Case in point: security researcher Dirk-jan Mollema recently came upon a pair of vulnerabilities in Microsoft Azure's identity and access management platform that could have been exploited for a potentially catastrophic takeover of all Azure customer accounts.

Known as Entra ID, the system stores Azure cloud customers' identities, access controls, subscriptions and management tools. Mollema has studied Entra ID security in depth and has published numerous studies on weaknesses in the system, which was formerly known as Azure Active Directory. But when preparing to attend the Black Hat security conference in Las Vegas in July, Mollema discovered two vulnerabilities that he realized could be used to gain global administrator privileges (in essence, god mode) and compromise every Entra ID directory, or what is known as a “tenant”. Mollema says this exposed almost every Entra ID tenant in the world except for cloud infrastructure.

“I was just staring at my screen. I was like, ‘No, this shouldn’t really happen,’” says Mollema, who runs a Dutch cybersecurity company and specializes in cloud security. “It was very bad. As bad as it gets, I would say.”

“From my own tenants – my test tenant or even a test tenant – you can request these tokens and you can basically impersonate anyone else in anyone else’s tenant,” Mollema adds. “This means you can modify other people’s configuration, create new users and administrators in that tenant, and do whatever you want.”

Given the seriousness of the vulnerability, Mollema disclosed his findings to the Microsoft Security Response Center on July 14, the same day he discovered the flaws. Microsoft began investigating the findings that day and issued a fix globally on July 17. The company confirmed to Mollema that the issue had been resolved by July 23 and took additional measures in August. Microsoft issued a CVE for the vulnerability on September 4.

“We mitigated the newly identified issue quickly and accelerated the remediation work to decommission the use of this legacy protocol, as part of our Secure Future Initiative,” said Microsoft’s vice president of engineering at the Microsoft Security Response Center. “We implemented a code change in the vulnerable validation logic, tested the fix and applied it across our cloud ecosystem.”

Gallagher says Microsoft found “no evidence” of abuse of the vulnerability during its investigation.

Both vulnerabilities relate to legacy systems that are still operating within Entra ID. The first involves a type of Azure authentication token that Mollema discovered, known as actor tokens, which are issued by an obscure Azure mechanism called the “Access Control Service”. Actor tokens have some special system properties that Mollema realized could be useful to an attacker when combined with another vulnerability. The other bug was a major flaw in a legacy Azure Active Directory application programming interface known as “Graph”, which was used to facilitate access to data stored in Microsoft 365. Microsoft is in the process of retiring Azure Active Directory Graph and moving users to its successor, Microsoft Graph, which is designed for Entra ID. The flaw stemmed from Azure AD Graph failing to properly validate which Azure tenant was making an access request, so the API could be manipulated into accepting an actor token from a different tenant that should have been rejected.
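The tenant check described above can be sketched as follows. This is an added illustration, not Microsoft's code or anything from the original article: the `Request` fields, the function names and the tenant IDs are all hypothetical, and the token is assumed to have already passed its other validation steps.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    token_tenant: str    # tenant the presented token belongs to (hypothetical field)
    target_tenant: str   # tenant whose directory data the call addresses
    acts_as: str         # identity the caller asks the API to act as

def authorize_flawed(req: Request) -> bool:
    # Flawed logic: any well-formed token is trusted, and the API never
    # asks which tenant the token came from.
    return bool(req.token_tenant and req.acts_as)

def authorize_checked(req: Request) -> bool:
    # Corrected logic: the token's tenant must be the tenant being accessed.
    if not (req.token_tenant and req.target_tenant and req.acts_as):
        return False
    # Tenant IDs are GUIDs, so compare them case-insensitively.
    return req.token_tenant.strip().lower() == req.target_tenant.strip().lower()

def cross_tenant_gaps(requests):
    """Requests the flawed check admits but the tenant check rejects."""
    return [r for r in requests
            if authorize_flawed(r) and not authorize_checked(r)]

# Constructed sample data; the tenant IDs are placeholders, not real tenants.
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
SAMPLE = [
    Request(TENANT_A, TENANT_A, "admin@a.example"),          # same tenant
    Request(TENANT_A.upper(), TENANT_A, "user@a.example"),   # same tenant, other case
    Request(TENANT_A, TENANT_B, "admin@b.example"),          # cross-tenant
    Request("", TENANT_B, "admin@b.example"),                # no tenant on token
]

if __name__ == "__main__":
    for r in cross_tenant_gaps(SAMPLE):
        print("rejected only by tenant check:", r)
```

Replaying recorded requests through both functions, as `cross_tenant_gaps` does, shows exactly which calls depended on the missing validation.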
