Ethical Hacking News
Microsoft has fixed a critical flaw in its Entra ID platform involving the Agent ID Administrator role. Accounts holding only that role could take over arbitrary service principals, including ones unrelated to agent identities, which posed a significant privilege escalation risk to affected organizations. Microsoft has since restricted the role's capabilities, but the incident highlights the importance of monitoring sensitive roles and tracking service principal ownership changes.
The flaw was discovered by researchers who found that an account with only the Agent ID Administrator role could take over non-agent service principals, effectively granting it capabilities comparable to high-privilege directory roles. An attacker holding the role could assign ownership of any service principal to an account under their control, add credentials to it, and then authenticate as that principal, fully compromising it. The impact is significant because most organizations already have privileged service principals, and many are also adopting agent identities; as that adoption grows, so does the number of accounts holding the role and the likelihood of exploitation.
To understand the severity of the issue, some context on Microsoft Entra ID and its Agent Identity Platform is needed. The platform lets AI agents have their own identities in Microsoft Entra ID, managed through the Agent ID Administrator role. Researchers discovered that this role could take over arbitrary service principals, including ones with nothing to do with agent identities, by becoming an owner of the principal, adding credentials to it, and then authenticating as that principal.
The problem is not theoretical: agent identities are already in use at significant scale in many tenants. The root cause is a scoping gap between agent identities and standard identities. Microsoft introduced Agent ID in Microsoft Entra ID to manage AI agents as identities, and its objects, such as blueprints, agent identities, and agent users, are built on standard directory components such as service principals; the role's permissions over those components were not limited to agent-related objects.
Compounding the problem, the Agent ID Administrator role was not clearly marked as privileged in the UI. Only when researchers explored what the role could actually do did the flaw come to light, which is why a role that reads as narrowly scoped deserves the same scrutiny as the well-known high-privilege ones.
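The takeover chain described above leaves two audit events on the target service principal: an ownership change, then a credential addition by the same actor. The following is an added example, not code from the article or from Microsoft, of a detection routine for that chain over Entra audit-log records. The record shape is a simplified assumption modelled on the Microsoft Graph auditLogs/directoryAudits schema (the same fields appear in the Sentinel AuditLogs table), the activity names are assumed and should be checked against your tenant's logs, and the sample events, tenant names and privileged-principal list are constructed for the example.

```python
"""Flag the owner-then-credential takeover chain on Entra service principals.

Added example, not code from the original article or from Microsoft. The
event shape is a simplified assumption based on the Microsoft Graph
auditLogs/directoryAudits schema; all sample data below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Activity names as they appear in Entra audit logs (assumption: confirm the
# exact wording in your tenant before relying on it in production).
OWNER_ADDED = "Add owner to service principal"
CRED_ADDED = "Add service principal credentials"

# Constructed: service principals this tenant treats as privileged, keyed by
# object id (for example, ones holding directory roles or *.ReadWrite.All).
PRIVILEGED_SPS = {"sp-automation-ga": "Tenant Automation (holds Global Administrator)"}


def _actor(event):
    """Return who initiated the event (user UPN or app display name)."""
    who = event.get("initiatedBy", {})
    if "user" in who:
        return who["user"].get("userPrincipalName")
    if "app" in who:
        return who["app"].get("displayName")
    return None


def _target_sp(event):
    """Return (id, displayName) of the ServicePrincipal target, if any."""
    for target in event.get("targetResources", []):
        if target.get("type") == "ServicePrincipal":
            return target.get("id"), target.get("displayName")
    return None, None


def _when(event):
    return datetime.fromisoformat(event["activityDateTime"].replace("Z", "+00:00"))


def find_takeover_chains(events, window=timedelta(hours=24)):
    """Return one finding per credential addition that the same actor preceded
    with an ownership change on the same service principal within `window`."""
    owner_adds = defaultdict(list)  # sp_id -> [(time, actor), ...]
    ordered = sorted(events, key=_when)
    for event in ordered:
        if event.get("activityDisplayName") == OWNER_ADDED and event.get("result") == "success":
            sp_id, _ = _target_sp(event)
            owner_adds[sp_id].append((_when(event), _actor(event)))

    findings = []
    for event in ordered:
        if event.get("activityDisplayName") != CRED_ADDED or event.get("result") != "success":
            continue
        sp_id, sp_name = _target_sp(event)
        actor, added_at = _actor(event), _when(event)
        for owned_at, owner_actor in owner_adds.get(sp_id, []):
            if owner_actor == actor and timedelta(0) <= added_at - owned_at <= window:
                findings.append({
                    "service_principal": sp_id,
                    "display_name": sp_name,
                    "actor": actor,
                    "owner_added_at": owned_at.isoformat(),
                    "credential_added_at": added_at.isoformat(),
                    "privileged": sp_id in PRIVILEGED_SPS,
                    "severity": "critical" if sp_id in PRIVILEGED_SPS else "high",
                })
                break  # one finding per credential addition is enough
    return findings


# Constructed sample: one real chain, one routine rotation, one owner change
# that is never followed by a credential addition from the same actor.
SAMPLE_EVENTS = [
    {"activityDisplayName": OWNER_ADDED, "activityDateTime": "2026-03-01T10:00:00Z", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "agentadmin@contoso.example"}},
     "targetResources": [{"type": "User", "id": "u-1", "displayName": "agentadmin@contoso.example"},
                         {"type": "ServicePrincipal", "id": "sp-automation-ga", "displayName": "Tenant Automation"}]},
    {"activityDisplayName": CRED_ADDED, "activityDateTime": "2026-03-01T10:07:00Z", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "agentadmin@contoso.example"}},
     "targetResources": [{"type": "ServicePrincipal", "id": "sp-automation-ga", "displayName": "Tenant Automation"}]},
    {"activityDisplayName": CRED_ADDED, "activityDateTime": "2026-03-01T11:00:00Z", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "platform-ops@contoso.example"}},
     "targetResources": [{"type": "ServicePrincipal", "id": "sp-build-bot", "displayName": "Build Bot"}]},
    {"activityDisplayName": OWNER_ADDED, "activityDateTime": "2026-03-02T09:00:00Z", "result": "success",
     "initiatedBy": {"user": {"userPrincipalName": "dev-lead@contoso.example"}},
     "targetResources": [{"type": "User", "id": "u-2", "displayName": "dev-lead@contoso.example"},
                         {"type": "ServicePrincipal", "id": "sp-build-bot", "displayName": "Build Bot"}]},
]

if __name__ == "__main__":
    for finding in find_takeover_chains(SAMPLE_EVENTS):
        print(finding)
```

Feed it the records returned by auditLogs/directoryAudits (or exported from the AuditLogs table) for the period of interest; the 24-hour window is a starting point, and a slower attacker can spread the two steps further apart, so ownership changes on principals in your privileged list deserve review on their own regardless of whether a credential addition follows.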
The disclosure timeline, as reported by the researchers, runs as follows:
The behavior was identified on February 24, 2026, and confirmed within days; a report was submitted to Microsoft on March 1, 2026.
Microsoft opened a case on March 3, 2026, and confirmed the issue on March 26, 2026, more than three weeks later.
Microsoft has since fixed the flaw, blocking these actions and restricting the Agent ID Administrator role to agent-related objects only. The researchers published a video proof of concept showing an attacker taking over a privileged service principal, which demonstrates how the vulnerability could have been exploited in practice.
The incident is a warning to organizations worldwide to make sure their systems are properly secured, especially those involving AI agents and privileged identities.
Related Information:
https://www.ethicalhackingnews.com/articles/MICROSOFT-FIXES-ENTRA-ID-FLAW-ENABLING-PRIVILEGE-ESCALATION-A-WARNING-TO-ORGANIZATIONS-WORLDWIDE-ehn.shtml
https://securityaffairs.com/191414/security/microsoft-fixes-entra-id-flaw-enabling-privilege-escalation.html
https://thehackernews.com/2026/04/microsoft-patches-entra-id-role-flaw.html
https://conzit.com/post/microsoft-fixes-entra-id-role-flaw-preventing-tenant-takeovers
Published: Tue Apr 28 07:47:05 2026 by llama3.2 3B Q4_K_M