Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Briefly

"Users assigned the Agent ID Administrator role could take over arbitrary service principals, including those beyond agent-related identities, by becoming an owner and then adding their own credentials to authenticate as that principal."
"In tenants where high-privileged service principals exist, it becomes a privilege escalation path. This ownership of a service principal effectively opens the door to an attacker to operate within the scope of its existing permissions."
"Following responsible disclosure on March 1, 2026, Microsoft rolled out a patch across all cloud environments to remediate the scope overreach on April 9."
"The architectural issue highlights the need for validating how roles are scoped and permissions are applied, especially when it comes to shared identity components."
The Agent ID Administrator role in Microsoft Entra ID allows AI agents to manage identity lifecycle operations. However, a now-patched flaw in how the role was scoped let users holding it take over arbitrary service principals, opening a privilege escalation path. Because an owner can add credentials to a service principal, an attacker with the role could authenticate as any service principal and act within its existing permissions, including highly privileged ones, posing significant risk to tenant security. Microsoft addressed the issue with a patch that blocks the out-of-scope ownership assignments. The incident underscores the importance of validating role scopes and permissions in identity management systems.
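The takeover chain the article describes (become owner of a service principal, then add credentials to it) leaves two audit events behind. The following is an added detection example, not code from The Hacker News or Microsoft: it correlates those two events per actor and target over constructed sample records. The record field names and the activity strings are assumptions approximating an Entra audit-log export and should be adjusted to the real schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records in a simplified audit-log shape (assumption: field
# names and activity strings approximate a real Entra audit export).
SAMPLE_AUDIT_LOG = [
    {"time": "2026-03-10T09:00:00Z", "activity": "Add owner to service principal",
     "actor": "agentadmin@contoso.example", "target": "sp-billing-automation"},
    {"time": "2026-03-10T09:02:30Z", "activity": "Add service principal credentials",
     "actor": "agentadmin@contoso.example", "target": "sp-billing-automation"},
    {"time": "2026-03-10T11:15:00Z", "activity": "Add service principal credentials",
     "actor": "platform-pipeline@contoso.example", "target": "sp-ci-deploy"},
    {"time": "2026-03-11T08:00:00Z", "activity": "Add owner to service principal",
     "actor": "agentadmin@contoso.example", "target": "sp-hr-sync"},
]

OWNER_ADD = "Add owner to service principal"   # assumed activity name
CRED_ADD = "Add service principal credentials"  # assumed activity name


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_takeover_sequences(records, window_hours=24, agent_admins=None):
    """Return (actor, target, owner_add_time, credential_add_time) tuples for every
    service principal where one actor first added an owner and then added
    credentials within `window_hours`. `agent_admins` optionally restricts the
    actors to a set of principals known to hold the Agent ID Administrator role
    (e.g. from a directory-role membership export); None means all actors."""
    owner_adds = defaultdict(list)  # (actor, target) -> [(datetime, raw time)]
    for r in records:
        if r["activity"] == OWNER_ADD:
            owner_adds[(r["actor"], r["target"])].append((_parse(r["time"]), r["time"]))
    hits = []
    for r in records:
        if r["activity"] != CRED_ADD:
            continue
        if agent_admins is not None and r["actor"] not in agent_admins:
            continue
        cred_dt = _parse(r["time"])
        for owner_dt, owner_raw in owner_adds.get((r["actor"], r["target"]), []):
            elapsed_h = (cred_dt - owner_dt).total_seconds() / 3600
            if 0 <= elapsed_h <= window_hours:
                hits.append((r["actor"], r["target"], owner_raw, r["time"]))
    return hits


if __name__ == "__main__":
    for hit in find_takeover_sequences(SAMPLE_AUDIT_LOG):
        print("possible service principal takeover:", hit)
```

A credential add without a preceding owner add (the pipeline record above) is not flagged, so the rule targets the escalation pattern rather than routine secret rotation.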
Read at The Hacker News