Full Report
Windows Admin Center flaws mean on-prem can attack cloud, and vice-versa

Black Hat Asia: Israeli researchers found a series of flaws in Microsoft's Windows Admin Center (WAC) and suggest this shows hybrid cloud management tools are a two-way attack surface that users don't spend enough time worrying about.…
Analysis Summary
# Vulnerability: Windows Admin Center Hybrid Management Flaws
## CVE Details
- **CVE IDs:**
  - CVE-2025-64669
  - CVE-2026-20965
  - CVE-2026-23660
  - CVE-2026-32196
- **CVSS Score:** Up to 7.8 (High)
- **CWE:** CWE-287 (Improper Authentication), CWE-281 (Permissions, Privileges, and Access Controls)
## Affected Systems
- **Products:** Microsoft Windows Admin Center (WAC), Azure Arc-enabled resources.
- **Versions:** On-premises Windows Admin Center and Azure-hosted WAC (prior to patched versions released by Microsoft).
- **Configurations:** Hybrid cloud environments where WAC is used to bridge management between on-premises servers and Azure Virtual Machines (VMs).
## Vulnerability Description
Researchers identified multiple vulnerabilities in how Windows Admin Center manages identities and file system permissions:
1. **Insecure Directory Permissions:** The installation directory for the on-premises version of WAC was not write-protected, allowing attackers to place malicious files alongside the application.
2. **Token Validation Weakness:** WAC utilizes Proof of Possession (POP) tokens to identify managed resources. However, target VMs failed to validate all fields within the POP token.
3. **Token Forgery/Replay:** POP tokens could be forged or reused, enabling an attacker to impersonate a legitimate management session and take control of tenant VMs.
4. **Cross-Boundary Lateral Movement:** These flaws collectively allow an attacker to pivot from a compromised on-premises WAC instance to attack Azure cloud resources, or vice versa.
## Exploitation
- **Status:** PoC demonstrated by researchers; no known exploits in the wild.
- **Complexity:** Medium (requires understanding of token structures and hybrid architecture).
- **Attack Vector:** Network (facilitated via the management plane).
## Impact
- **Confidentiality:** High (Access to managed VM data and tenant resources).
- **Integrity:** High (Ability to modify cloud/on-prem configurations and drop malware).
- **Availability:** Medium (Potential for unauthorized resource management/shutdown).
## Remediation
### Patches
- Microsoft has released updates for Windows Admin Center and associated Azure extensions to address these CVEs. Users should ensure they are running the latest version of WAC (available via the Microsoft Update Catalog or Azure Portal).
### Workarounds
- **Principle of Least Privilege:** Limit the scope of identities used by WAC to the minimum required resources.
- **Network Segmentation:** Restrict access to the WAC management interface to specific authorized IP ranges/VPNs.
## Detection
- **Identity Anomalies:** Monitor for cloud-only identities (service principals/managed identities) attempting to access on-premises systems, and vice versa.
- **Token Monitoring:** Audit logs for unusual token reuse or authentication attempts originating from unexpected geographic locations or IP addresses.
- **File System Monitoring:** Monitor for unauthorized file creation within the Windows Admin Center installation directories.
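The insecure directory permissions described above and the file-system monitoring item in this list both come down to one question: can a non-administrative principal write into the Windows Admin Center installation tree? The following PowerShell audit is an added example written for this summary; it is not code from the report, from the researchers or from Microsoft. It assumes the default on-premises install location `C:\Program Files\Windows Admin Center` (adjust `$WacPath` if WAC was installed elsewhere) and flags any Allow ACE that grants write-capable rights to broad principals such as `BUILTIN\Users`, `Authenticated Users` or `Everyone`, on the install root and every subdirectory, since inheritance can be broken below the root.

```powershell
# Added example (not from the report or Microsoft): audit the ACL on the
# Windows Admin Center install directory for write-capable ACEs held by
# broad principals. The path below is the default install location and is
# an assumption; change it if WAC was installed somewhere else.
$WacPath = 'C:\Program Files\Windows Admin Center'

# Principals that should never hold write rights on an application directory.
$BroadPrincipals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'NT AUTHORITY\INTERACTIVE'
)

# Rights that allow dropping or replacing files next to the application.
# Inherited ACEs are sometimes expressed with generic rights rather than the
# named FileSystemRights values, so GENERIC_WRITE and GENERIC_ALL are included.
$WriteRights = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                     [System.Security.AccessControl.FileSystemRights]::Modify -bor
                     [System.Security.AccessControl.FileSystemRights]::FullControl -bor
                     [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
                     [System.Security.AccessControl.FileSystemRights]::WriteData)
$WriteRights = $WriteRights -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Test-WacDirectoryAcl {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return @()
    }

    $acl = Get-Acl -LiteralPath $Path
    $findings = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $principal = $ace.IdentityReference.Value
        $hasWrite  = (([int]$ace.FileSystemRights) -band $WriteRights) -ne 0
        if ($hasWrite -and ($BroadPrincipals -contains $principal)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $principal
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
    return $findings
}

# Check the install root and every subdirectory below it.
$dirs = @(Get-Item -LiteralPath $WacPath) +
        @(Get-ChildItem -LiteralPath $WacPath -Directory -Recurse)
$results = @($dirs | ForEach-Object { Test-WacDirectoryAcl -Path $_.FullName })

if ($results.Count -gt 0) {
    $results | Format-Table -AutoSize
    Write-Host "Found $($results.Count) write-capable ACE(s) for broad principals under $WacPath."
} else {
    Write-Host "No broad write access found under $WacPath."
}
```

Run it from an elevated session on the WAC host; any row in the output is a directory where an unprivileged local user could plant files alongside the application, which is the precondition for the directory-permissions flaw in this report. After patching, re-run it to confirm the update actually tightened the ACLs rather than only replacing binaries, and pair it with file-creation auditing (SACL or EDR) on the same tree for ongoing detection.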
## References
- **Vendor Advisories:**
  - hxxps[://]msrc[.]microsoft[.]com/update-guide/vulnerability/CVE-2025-64669
  - hxxps[://]msrc[.]microsoft[.]com/update-guide/vulnerability/CVE-2026-20965
  - hxxps[://]msrc[.]microsoft[.]com/update-guide/vulnerability/CVE-2026-23660
  - hxxps[://]msrc[.]microsoft[.]com/update-guide/vulnerability/CVE-2026-32196
- **Research Credits:** Ilan Kalendarov and Ben Zamir (Cymulate), Black Hat Asia.