Microsoft launches privilege escalation attack on itself with Office 365

A Microsoft Azure Active Directory (AD) Connect flaw leaves Office 365 hybrid installations vulnerable to privilege escalation attacks by default

A flaw in the way Microsoft Azure Active Directory (AD) Connect configures the AD synchronisation account in Office 365 hybrid installations, creates stealthy admins in the user group by default. Enterprises with Office 365 deployments and on-premise Active Directory, who then use Azure AD Connect to sync between on-premise and cloud, will have been exposed to this privilege escalation vulnerability.

Click here to read complete article