PowerShell script to check if Azure AD Connect is affected by the vulnerability described in CVE-2021-36949

August 13, 2021

The script below checks whether your Azure AD Connect server is running a version affected by the vulnerability described in CVE-2021-36949. The affected versions named in the advisory are 1.6.4.0 and 2.0.3.0. The check is an exact match on those two version strings: any other value, including older builds, is reported as not affected, so read the green result as "not one of the two listed versions" and confirm against the version release history that you are on a release that contains the fix.

#Disclaimer: This script is provided as-is with no warranties of any kind
# Run it in an elevated PowerShell session on the Azure AD Connect server itself;
# the ADSync module that provides the cmdlets below is only installed there.

Write-Host "Checking if your Azure AD Connect version is affected by the vulnerability described in CVE-2021-36949"

# The two versions named as affected in the advisory. The comparison is an exact
# string match: any other version is reported as not affected.
$affectedVersions = @('1.6.4.0', '2.0.3.0')

Try
{
    # The installed version is stored as a parameter of the sync engine's global settings
    $params = ((Get-ADSyncGlobalSettings).Parameters | Select-Object Name,Value)
    foreach($p in $params)
    {
        if($p.Name -eq 'Microsoft.Synchronize.ServerConfigurationVersion')
        {
            Write-Host 'Your version is' $p.Value
            if($affectedVersions -contains $p.Value)
            {
                Write-Host 'You are running a version that is vulnerable - update your Azure AD Connect installation' -BackgroundColor DarkRed -ForegroundColor White
            }
            else
            {
                Write-Host 'You are running a version that is not affected' -BackgroundColor DarkGreen -ForegroundColor White
            }
            break
        }
    }
}
Catch
{
    Write-Host "Unable to check Azure AD Connect version - make sure you are running this script on the server where AAD Connect is installed."
}

Try
{
    # Get-ADSyncAutoUpgrade returns the string 'Enabled', 'Disabled' or 'Suspended'.
    # Any non-empty string is truthy in PowerShell, so testing the bare return value
    # would report "enabled" even when auto-upgrade is disabled; compare the state explicitly.
    $autoUpgradeState = Get-ADSyncAutoUpgrade
    if($autoUpgradeState -eq 'Enabled')
    {
        Write-Host "AutoUpgrade is enabled."
    }
    else
    {
        Write-Host "AutoUpgrade is not enabled (state: $autoUpgradeState)."
    }
}
Catch
{
    Write-Host "Unable to check if Azure AD Connect AutoUpgrade is enabled."
}

(Screenshot of the script's output.)

If you look at the output, you see that the script also checks whether the auto-upgrade feature is enabled. By default it is, but as explained in the version history, only some releases are deployed through auto-upgrade. The last release marked as an auto-upgrade release is 1.4.25.0 from 28.09.2019, so Microsoft rarely makes use of this function. An enabled auto-upgrade is therefore no guarantee that the fix for CVE-2021-36949 has been, or will be, installed. Follow the manual upgrade process described in the links below to make sure your AAD Connect is up to date.
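Because the check in the script above is an exact match on two version strings, a server on an older build, or on a build released between the advisory and the fix, is reported as not affected. The following added example (my code, not part of the original post) instead parses the installed version with PowerShell's [version] type and compares it against the first build on each release branch that carries the fix. The fixed builds in $FixedBuilds are an assumption and must be taken from the version release history linked below; the sample version strings at the end are constructed so the comparison can be exercised on a machine without the ADSync module.

```powershell
# Added example: compare the installed Azure AD Connect version against the first fixed
# build on its release branch instead of matching two exact strings.

function Test-AadConnectVersion {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        # Major version -> first build on that branch that contains the fix.
        # ASSUMPTION: verify these values against the Azure AD Connect version release history.
        [hashtable]$FixedBuilds = @{ 1 = '1.6.11.3'; 2 = '2.0.8.0' }
    )

    # [version] gives numeric, segment-by-segment comparison ('1.6.11.3' > '1.6.4.0'),
    # which a plain string comparison would get wrong.
    $installed = [version]$InstalledVersion
    $fixed = $FixedBuilds[$installed.Major]

    if (-not $fixed) {
        # Unknown branch (e.g. a future 3.x): do not guess, report it for manual review.
        return [pscustomobject]@{
            Version = $installed; Status = 'Unknown'
            Reason  = "No fixed build recorded for the $($installed.Major).x branch"
        }
    }

    $fixedVersion = [version]$fixed
    $status = if ($installed -lt $fixedVersion) { 'Vulnerable' } else { 'Fixed' }
    return [pscustomobject]@{
        Version = $installed; Status = $status
        Reason  = "First fixed build on this branch is $fixedVersion"
    }
}

function Get-AadConnectVersion {
    # Reads the same global setting the original script uses; only works on the AAD Connect server.
    $p = (Get-ADSyncGlobalSettings).Parameters |
         Where-Object Name -eq 'Microsoft.Synchronize.ServerConfigurationVersion'
    return $p.Value
}

# Constructed sample versions: two affected builds, the two assumed fixed builds,
# an older build the exact-match check would miss, and an unknown branch.
'1.5.45.0', '1.6.4.0', '1.6.11.3', '2.0.3.0', '2.0.8.0', '3.0.0.0' |
    ForEach-Object { Test-AadConnectVersion -InstalledVersion $_ } |
    Format-Table Version, Status, Reason -AutoSize

# On the AAD Connect server itself, check the real installed version.
if (Get-Command Get-ADSyncGlobalSettings -ErrorAction SilentlyContinue) {
    Test-AadConnectVersion -InstalledVersion (Get-AadConnectVersion) | Format-List
}
```

With the assumed values, the sample run reports 1.5.45.0, 1.6.4.0 and 2.0.3.0 as Vulnerable, 1.6.11.3 and 2.0.8.0 as Fixed, and 3.0.0.0 as Unknown. Keep the branch handling: a 1.x server is not "fixed" just because 2.0.8.0 exists, since 1.x and 2.x are separate release lines that each received their own patched build.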

Links:

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36949 

Azure AD Connect: Version release history

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history

Azure AD Connect: Upgrade from a previous version to the latest

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-upgrade-previous-version

Two new Azure AD Connect versions were released to prevent MitM attacks towards Domain Controllers (CVE-2021-36949)

https://dirteam.com/sander/2021/08/10/two-new-azure-ad-connect-versions-were-released-to-prevent-mitm-attacks-towards-domain-controllers-cve-2021-36949/ 
