Microsoft Entra ID vulnerability allowed global admin impersonation

As outlined in HackRead, cybersecurity researchers have uncovered a significant vulnerability in Microsoft Entra Agent ID, the platform Microsoft built for managing AI agent identities. The flaw could have allowed an attacker holding a supposedly limited role to impersonate a global administrator in an organization's tenant.

The vulnerability, discovered by Silverfort researchers, resided in the Agent ID Administrator role. Although the role is intended to manage AI agent identities and related objects, its permissions were too broad: a holder could modify nearly any Application Service Principal in a Microsoft Entra tenant, not just agent identities. An attacker could abuse this by adding themselves as an owner of a high-privilege Service Principal. Because an owner can add credentials (secrets or certificates) to a Service Principal and then sign in as it, ownership amounts to hijacking the identity. Silverfort demonstrated the impact by taking over a Service Principal with global administrator privileges, which gives full control of the tenant.

The implications are widespread: according to the report, roughly 99% of business environments use privileged Service Principals. Microsoft has released a fix, rolled out on April 9, 2026, that prevents the Agent ID Administrator role from managing the owners of non-agent Service Principals. Organizations are advised to review their Entra audit logs for unexpected ownership changes on sensitive Service Principals and for new secrets or certificates added to them, because tightening the role does not remove owners or credentials that were added before the fix.

Source: HackRead

Security Operations, Vulnerability Management, Identity, Privileged access management, AI/ML, Patch/Configuration Management
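The audit-log review advised above, as an added example that is not part of the SC Media or HackRead reporting and is not Silverfort's or Microsoft's code: a small Python script that scans Entra audit records for owner additions and credential additions on sensitive Service Principals, flags ownership that an actor granted to itself, and links an ownership change followed by a new credential into the hijack chain the researchers used. The audit records are constructed for the example, in the shape of Microsoft Graph `directoryAudit` objects; the activity names (`Add owner to service principal`, `Add service principal credentials`) and the `sp-*`/`u-*` identifiers are assumptions to be checked against a real tenant's logs.

```python
"""Review Entra audit records for the two signals named in the advisory:
owner additions on sensitive Service Principals and new credentials added
to them, then link the two into the ownership-to-credential hijack chain."""
import json

# Activity names as they appear in Entra ID audit logs (activityDisplayName).
# Assumed here; confirm against records from your own tenant before relying on them.
OWNER_ADDED = "Add owner to service principal"
CREDENTIAL_ADDED = {"Add service principal credentials"}

# Constructed sample records (not from any real tenant), shaped like Microsoft
# Graph `directoryAudit` objects. The first two show an Agent ID Administrator
# making itself owner of a privileged SP and then minting a secret on it; the
# last two are routine changes that must not be flagged.
SAMPLE_AUDIT_LOG = json.loads("""[
  {"activityDisplayName": "Add owner to service principal",
   "activityDateTime": "2026-04-08T09:12:04Z", "result": "success",
   "initiatedBy": {"user": {"id": "u-agent-admin", "userPrincipalName": "agentadmin@contoso.example"}},
   "targetResources": [
     {"id": "sp-backup-automation", "displayName": "BackupAutomation", "type": "ServicePrincipal"},
     {"id": "u-agent-admin", "displayName": "agentadmin@contoso.example", "type": "User"}]},
  {"activityDisplayName": "Add service principal credentials",
   "activityDateTime": "2026-04-08T09:13:30Z", "result": "success",
   "initiatedBy": {"user": {"id": "u-agent-admin", "userPrincipalName": "agentadmin@contoso.example"}},
   "targetResources": [
     {"id": "sp-backup-automation", "displayName": "BackupAutomation", "type": "ServicePrincipal"}]},
  {"activityDisplayName": "Add owner to service principal",
   "activityDateTime": "2026-04-08T10:00:00Z", "result": "success",
   "initiatedBy": {"user": {"id": "u-it-ops", "userPrincipalName": "itops@contoso.example"}},
   "targetResources": [
     {"id": "sp-agent-helpdesk", "displayName": "HelpdeskAgent", "type": "ServicePrincipal"},
     {"id": "u-newowner", "displayName": "jane@contoso.example", "type": "User"}]},
  {"activityDisplayName": "Update user",
   "activityDateTime": "2026-04-08T10:05:00Z", "result": "success",
   "initiatedBy": {"user": {"id": "u-it-ops", "userPrincipalName": "itops@contoso.example"}},
   "targetResources": [{"id": "u-newowner", "displayName": "jane@contoso.example", "type": "User"}]}
]""")


def _actor(record):
    """Return (object id, display name) of whoever initiated the event, user or app."""
    who = record.get("initiatedBy", {})
    principal = who.get("user") or who.get("app") or {}
    name = principal.get("userPrincipalName") or principal.get("displayName") or "unknown"
    return principal.get("id"), name


def _targets(record, kind):
    return [t for t in record.get("targetResources", []) if t.get("type") == kind]


def find_suspicious_events(records, sensitive_sp_ids):
    """Flag successful owner additions and credential additions that touch a
    sensitive Service Principal, plus any owner addition in which the actor
    adds itself (the self-grant the Agent ID Administrator abuse relies on)."""
    findings = []
    for rec in records:
        if rec.get("result") != "success":
            continue
        activity = rec.get("activityDisplayName")
        actor_id, actor_name = _actor(rec)
        for sp in _targets(rec, "ServicePrincipal"):
            reasons = []
            if activity == OWNER_ADDED:
                if sp["id"] in sensitive_sp_ids:
                    reasons.append("owner added to sensitive service principal")
                if any(u.get("id") == actor_id for u in _targets(rec, "User")):
                    reasons.append("actor added itself as owner")
            elif activity in CREDENTIAL_ADDED and sp["id"] in sensitive_sp_ids:
                reasons.append("credential added to sensitive service principal")
            if reasons:
                findings.append({
                    "time": rec["activityDateTime"],
                    "activity": activity,
                    "actor": actor_name,
                    "target_id": sp["id"],
                    "target": sp.get("displayName", sp["id"]),
                    "reasons": reasons,
                })
    return findings


def escalation_chains(findings):
    """Pair an owner addition with a later credential addition on the same
    Service Principal by the same actor: the step that turns ownership into a
    sign-in-capable identity. Timestamps are ISO 8601 UTC, so string order is
    chronological."""
    owner_seen = set()
    chains = []
    for f in sorted(findings, key=lambda f: f["time"]):
        key = (f["target_id"], f["actor"])
        if f["activity"] == OWNER_ADDED:
            owner_seen.add(key)
        elif f["activity"] in CREDENTIAL_ADDED and key in owner_seen and key not in chains:
            chains.append(key)
    return chains


if __name__ == "__main__":
    hits = find_suspicious_events(SAMPLE_AUDIT_LOG, {"sp-backup-automation"})
    for h in hits:
        print(h["time"], h["activity"], h["actor"], "->", h["target"], "|", "; ".join(h["reasons"]))
    for sp_id, actor in escalation_chains(hits):
        print("ESCALATION CHAIN:", actor, "took over", sp_id)
```

In practice, feed the script an export from the Microsoft Graph `auditLogs/directoryAudits` endpoint and the object IDs of every Service Principal that holds a directory role or high-privilege application permission; a hit outside an approved change window should be treated as an incident, with the added owner removed and the Service Principal's credentials rotated rather than merely noted.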





