Azure AD Connect v2.0.88.0 addresses a security issue in Microsoft.Data.OData and offers new functionality

Azure AD Connect

Roughly three months after the release of the last Azure AD Connect version, Microsoft released a security update to Azure AD Connect v2.x. to address a Denial of Service (DoS) vulnerability.

Microsoft recommends updating Azure AD Connect to v2.0.88.0 as soon as possible,

None of the Azure AD Connect v2.x releases are released for automatic upgrade. Manual upgrades are required to gain the new functionality and security levels once you're on the Azure AD Connect v2 path.

The upgrade to Azure AD Connect v2.0.88.0 triggers a full synchronization cycle, because synchronization rules have been modified.


What's New

Here's what's new in Azure AD Connect version v2.0.88.0:

Group writeback DN is now configurable

Microsoft added a configuration option to configure Group WriteBack with the display name of the synchronized group instead of the UUID.

Group WriteBack no longer requires the Exchange Schema

Microsoft removed the hard requirement for exchange schema when enabling Group WriteBack. This allows groups from Azure AD to be written back to Active Directory even when the Exchange Server schema extensions have not been added.

Azure AD Kerberos

For the recently announced Azure AD Kerberos functionality, the Azure AD Connect team extended the Windows PowerShell cmdlet to support custom top level names for trusted object creation and made a change to set the official brand name for the Azure AD Kerberos feature.


What's Fixed

Here's what's fixed in Azure AD Connect version v2.0.88.0:

  • Microsoft upgraded the version of the Microsoft.Data.OData package from v5.8.1 to v5.8.4 to address a Denial of Service (DoS) vulnerability
    in the OData protocol (CVE-2018-8269). This vulnerability is due to improperly handling web requests.
  • Microsoft made the Azure AD Connect wizard resizable to account for different zoom levels and screen resolutions and named elements to improve accessibility.
  • Microsoft addressed an issue where miisserver.exe was crashing due to a null reference.
  • Microsoft addressed an issue to ensure the seamless single sign-on (Desktop SSO)  value persists after upgrading Azure AD Connect to a newer version.
  • Microsoft modified the inetorgperson sync rules to fix an issue with account forests and resource forests.
  • Microsoft fixed radio button test to display a link more link.


Version information

This is version of Azure AD Connect.
This release in the 2.x branch for Azure AD Connect was made available for download as a 153 MB weighing AzureADConnect.msi on December 15, 2021.

You can download the latest version of Azure AD Connect here.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.