Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
Released: Aug 10, 2021
Last updated: Aug 10, 2021
- Assigning CNA: Microsoft
- CVE.org link: CVE-2021-36949
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
- Publicly disclosed: No
- Exploited: No
- Exploitability assessment: Exploitation Less Likely
FAQ
What should I do to be protected against this vulnerability?
In addition to applying the updates in this CVE, you will need to disable NTLM as described in the following guidance:
- For Azure Active Directory Connect, see Prerequisites for Azure AD Connect.
- For Azure Active Directory Connect Provisioning Agent, see Prerequisites for Azure AD Connect cloud sync.
What must an attacker do to exploit this vulnerability?
The attacker must be able to establish a man-in-the-middle position between your Azure AD Connect server and a domain controller. The attacker also needs to possess domain user credentials to exploit this vulnerability.
Acknowledgements
- Eyal Karni with CrowdStrike
- Sagi Sheinfeld with CrowdStrike
- Yaron Zinar with CrowdStrike
Security Updates
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.
- 1.1.582.0
- 2.0.8.0
- 1.6.11.3
Revisions
Information published.
The following revisions have been made:
1) In the Security Updates table, added Azure Active Directory Connect Provisioning Agent as it is also affected by this vulnerability.
2) Updated FAQs.