The Download
A senior cloud security researcher at Semperis announced a critical vulnerability in Microsoft Entra ID at Black Hat, in which attackers who already hold admin-level access can abuse specific roles and authentication mechanisms to escalate their privileges to Global Administrator, potentially compromising an entire cloud environment. The flaw highlights significant risks in Microsoft cloud security, particularly in managing and securing privileged roles and permissions.
Exploitable Entra ID Issue: A flaw in Microsoft Entra ID allows attackers with admin access to escalate their privileges to global administrator, granting control over an organization's entire cloud environment.
Vulnerable Roles: The issue arises from the ability of Application Administrators to assign credentials to service principals, leading to unauthorized privilege escalation.
OAuth 2.0 Exploitation: Attackers can use OAuth 2.0 client credential flow to gain unauthorized access.
Critical Service Flaws: Vulnerabilities were found in specific Microsoft services like Viva Engage, Rights Management Service, and Device Registration Service, with varying severity levels.
What You Can Do
First, the attack only works with administrator-level access; however, with this vulnerability the attacker can escalate to Global Administrator, the role with the highest permissions, which can change anything and everything on the Microsoft 365 tenant, for instance. Microsoft has implemented a quick patch to its cloud service to stop the privilege escalation. Here is what you can do to mitigate this risk in the future:
Restrict Application Administrator Privileges: Limit the roles and permissions of Application Administrators to reduce the risk of privilege escalation.
Regularly Audit Entra ID Logs: Monitor Entra ID audit logs frequently to detect and respond to any suspicious activities, especially around service principals.
Implement Least Privilege Access: Adopt a least privilege access model across your cloud environment, ensuring that no user has more permissions than necessary for their role.
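As an added illustration of the second mitigation (auditing Entra ID logs around service principals), the script below, which is not from the original brief or from Semperis, scans audit-log entries for credential additions to service principals and raises severity when the actor is an Application Administrator and the target is a sensitive service principal. The entries, the admin list and the sensitive-SP list are constructed, and the field and operation names are assumed to follow the Microsoft Graph directoryAudit shape.

```python
import json

# Audit operations that attach a secret or certificate to an app identity
# (operation names assumed from the Graph audit-log schema).
CREDENTIAL_OPS = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}

# Constructed inputs: Application Administrators and high-impact service principals.
APP_ADMINS = {"app.admin@example.com"}
SENSITIVE_SPS = {"Tenant Automation SP"}

# Constructed audit-log entries in the Graph directoryAudit shape.
SAMPLE_LOG = json.dumps([
    {"activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "app.admin@example.com"}},
     "targetResources": [{"type": "ServicePrincipal",
                          "displayName": "Tenant Automation SP"}]},
    {"activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "helpdesk@example.com"}},
     "targetResources": [{"type": "ServicePrincipal",
                          "displayName": "Reporting SP"}]},
    {"activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "app.admin@example.com"}},
     "targetResources": [{"type": "User", "displayName": "new.hire"}]},
])

def flag_credential_additions(raw_log, app_admins, sensitive_sps):
    """Flag credential additions to service principals: 'high' when an
    Application Administrator targets a sensitive SP, otherwise 'medium'."""
    findings = []
    for entry in json.loads(raw_log):
        if entry.get("activityDisplayName") not in CREDENTIAL_OPS:
            continue
        # initiatedBy.user is null for app-initiated changes; treat as unknown actor.
        actor = ((entry.get("initiatedBy") or {}).get("user") or {}).get("userPrincipalName", "")
        for target in entry.get("targetResources", []):
            if target.get("type") != "ServicePrincipal":
                continue
            name = target.get("displayName", "")
            high = actor in app_admins and name in sensitive_sps
            findings.append({"actor": actor, "target": name,
                             "severity": "high" if high else "medium"})
    return findings

if __name__ == "__main__":
    for f in flag_credential_additions(SAMPLE_LOG, APP_ADMINS, SENSITIVE_SPS):
        print(f"[{f['severity'].upper()}] {f['actor']} added a credential to {f['target']}")
```

In production the same function can be fed the output of a Graph directoryAudits query or a Log Analytics export, with the admin set pulled from the current role assignments rather than hard-coded.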
To Learn More: