Security Update: New Azure AD bug stops hackers getting caught

A security flaw has been found in Azure Active Directory

Cybersecurity specialists have found a flaw in Azure Active Directory:
“This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the targeted organization’s tenant.” (Source)

This vulnerability is very challenging to fix because it is a flaw in the overall design of Azure Active Directory. Companies are encouraged to protect themselves, and engineers are working on a long-term solution to this flaw.

For more details about the vulnerability, please read more here.

Or keep reading below for our suggestions on what to do.

What can you do

In an effort to prevent brute-force password spray attacks, Microsoft announced (on Sept 30, 2021) features to protect the endpoint with Azure AD Smart Lockout and IP lockout capabilities. These measures will allow customers to respond to such attacks.

CRITICAL: It is important to keep Azure up to date with the latest software to keep you protected.

Please check back, as we’ll update this article and our social media as this continues to develop.

Britec can help

We’re here to help. From seasoned IT teams that just need a bit of support to organizations that rely on external IT teams, please contact us if you’re struggling to get issues like this sorted out.