Full Report
Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. [...]
Analysis Summary
# Vulnerability: Microsoft Entra ID Authentication Failure Due to DNS Change
## CVE Details
- CVE ID: N/A (This summary describes an *incident/outage* caused by a service configuration change, not a specific, tracked vulnerability in the traditional sense that warrants a CVE.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Microsoft Entra ID (specifically services relying on DNS resolution for authentication), Microsoft Entra Connect (for on-premises synchronization), Microsoft Entra Connect Sync.
- Versions: Not specified (Affected environments are those utilizing the affected services at the time of the DNS change).
- Configurations: Environments attempting to resolve Azure services via DNS.
## Vulnerability Description
Microsoft experienced authentication failures primarily affecting **Microsoft Entra Connect** and **Microsoft Entra Connect Sync** features when clients attempted to connect to Azure services. This incident was caused by a recent, undocumented DNS configuration change introduced by Microsoft. The failure manifested as DNS resolution failures, preventing proper Single Sign-On (SSO) connection attempts to Azure services.
## Exploitation
- Status: Not applicable (This was an operational failure caused by a configuration change, not a security exploit.)
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Potential impact, as authentication failures can disrupt access controls. (Impact level not explicitly detailed, but service access was impacted.)
- Integrity: Potential impact, as authentication continuity was broken. (Impact level not explicitly detailed.)
- Availability: High. Service availability was directly impacted by DNS resolution failures across multiple Azure services.
## Remediation
### Patches
- No specific patch number is mentioned. The fix appears to be a service-side configuration reversion implemented by Microsoft.
### Workarounds
- The issue was resolved by Microsoft reverting the problematic DNS change. The article states: "At this time, customers should no longer encounter DNS resolution failures."
## Detection
- Indicators of Compromise (IoCs): None in the usual sense, since no attacker was involved. The observable symptoms were authentication failures or timeouts when connecting to Azure services, particularly when using Entra Connect and Seamless SSO.
- Detection methods and tools: Monitoring the Azure service health dashboard and tracking user reports of failed SSO sign-ins and Entra Connect Sync errors.
## References
- Vendor Advisories: Microsoft Azure Status Page (though the article notes the page typically only tracks widespread incidents, this incident prompted updates).
- Relevant links:
  - https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-entra-id-authentication-issue-caused-by-dns-change/