CVE-2024-43477
📋 TL;DR
This vulnerability allows unauthenticated attackers to disable Verifiable IDs on other tenants in Decentralized Identity Services due to improper access control. It affects organizations using Microsoft's Decentralized Identity Services with Verifiable ID functionality. The attacker does not need any credentials or authentication to exploit this flaw.
💻 Affected Systems
- Microsoft Decentralized Identity Services
📦 What is this software?
Entra ID by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
An attacker could systematically disable all Verifiable IDs across multiple tenants, disrupting identity verification services and potentially causing service outages or authentication failures.
Likely Case
Targeted attacks disabling specific Verifiable IDs on high-value tenants, causing temporary disruption to identity verification processes.
If Mitigated
With proper network segmentation and access controls, impact would be limited to specific exposed services only.
🎯 Exploit Status
Microsoft has not disclosed technical details; exploitation appears straightforward based on the CVSS score and description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Microsoft security update for specific version
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43477
Restart Required: No
Instructions:
1. Review the Microsoft security advisory
2. Apply Microsoft-provided updates for Decentralized Identity Services
3. Verify service functionality post-update
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to Decentralized Identity Services endpoints to trusted sources only
Monitoring and Alerting
Implement monitoring for Verifiable ID disablement events and set up alerts for suspicious patterns
🧯 If You Can't Patch
- Implement strict network segmentation and firewall rules to limit access to Decentralized Identity Services
- Enable enhanced logging and monitoring for all Verifiable ID operations and disablement events
🔍 How to Verify
Check if Vulnerable:
Check whether your tenant uses Microsoft Decentralized Identity Services with Verifiable ID functionality, and review the Microsoft security advisory for affected versions
Check Version:
Check Azure portal or Microsoft 365 admin center for service version information
Verify Fix Applied:
Verify that the Microsoft security updates have been applied, then test that Verifiable ID functionality remains operational
📡 Detection & Monitoring
Log Indicators:
- Unexpected Verifiable ID disablement events
- Unauthenticated API calls to identity services
- Multiple disablement requests from single source
Network Indicators:
- Unusual traffic patterns to Decentralized Identity Services endpoints
- Requests bypassing authentication mechanisms
SIEM Query:
(source="AzureAD" OR source="MicrosoftIdentity") AND (event_type="VerifiableID_Disabled" OR operation="DisableVerifiableID") AND user_authenticated="false"
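The SIEM query above expresses the detection as a single filter. The following added example (not part of the original advisory and not Microsoft's code) runs the same logic over constructed JSON-lines log records and layers the other two log indicators on top: a burst of disablement requests from one source address, and one source touching several tenants. The field names (`source`, `event_type`, `operation`, `user_authenticated`) are taken from the advisory's query; `src_ip` and `tenant_id` are assumed fields, and the record format is a stand-in for whatever your SIEM exports, not Microsoft's actual log schema.

```python
import json
from collections import Counter

# Constructed sample log lines (JSON lines). IPs are documentation ranges.
SAMPLE_LOG_LINES = [
    '{"source": "AzureAD", "event_type": "VerifiableID_Disabled", "operation": "DisableVerifiableID", "user_authenticated": "false", "src_ip": "203.0.113.10", "tenant_id": "tenant-A"}',
    '{"source": "AzureAD", "event_type": "VerifiableID_Disabled", "operation": "DisableVerifiableID", "user_authenticated": "true", "src_ip": "198.51.100.5", "tenant_id": "tenant-A"}',
    '{"source": "MicrosoftIdentity", "event_type": "VerifiableID_Disabled", "operation": "DisableVerifiableID", "user_authenticated": "false", "src_ip": "203.0.113.10", "tenant_id": "tenant-B"}',
    '{"source": "Exchange", "event_type": "MailboxLogin", "operation": "Login", "user_authenticated": "false", "src_ip": "203.0.113.10", "tenant_id": "tenant-A"}',
    '{"source": "MicrosoftIdentity", "event_type": "VerifiableID_Disabled", "operation": "DisableVerifiableID", "user_authenticated": "false", "src_ip": "203.0.113.10", "tenant_id": "tenant-C"}',
    'this line is not valid json and should be skipped',
]

# Sources the advisory's query names; assumed to be the SIEM's source labels.
IDENTITY_SOURCES = {"AzureAD", "MicrosoftIdentity"}


def load_events(lines):
    """Parse JSON-lines records, skipping lines that are not valid JSON."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def is_unauthenticated_disable(ev):
    """The advisory's SIEM filter with explicit operator precedence:
    identity source AND a disablement event AND no authenticated user."""
    return (
        ev.get("source") in IDENTITY_SOURCES
        and (
            ev.get("event_type") == "VerifiableID_Disabled"
            or ev.get("operation") == "DisableVerifiableID"
        )
        and str(ev.get("user_authenticated", "")).lower() == "false"
    )


def find_suspicious(events, burst_threshold=2):
    """Return matched events plus two aggregated indicators:
    - bursts: source IPs with >= burst_threshold unauthenticated disablements
    - cross_tenant: source IPs whose disablements span more than one tenant
    (the pattern the advisory describes for the worst case)."""
    matches = [e for e in events if is_unauthenticated_disable(e)]

    by_source = Counter(e.get("src_ip", "unknown") for e in matches)
    bursts = {ip: n for ip, n in by_source.items() if n >= burst_threshold}

    tenants_by_ip = {}
    for e in matches:
        tenants_by_ip.setdefault(e.get("src_ip", "unknown"), set()).add(e.get("tenant_id"))
    cross_tenant = {ip: sorted(t) for ip, t in tenants_by_ip.items() if len(t) > 1}

    return {"matches": matches, "bursts": bursts, "cross_tenant": cross_tenant}


if __name__ == "__main__":
    result = find_suspicious(load_events(SAMPLE_LOG_LINES))
    print(f"{len(result['matches'])} unauthenticated disablement events")
    for ip, n in result["bursts"].items():
        print(f"burst: {ip} issued {n} disablements")
    for ip, tenants in result["cross_tenant"].items():
        print(f"cross-tenant: {ip} touched tenants {', '.join(tenants)}")
```

The authenticated disablement from 198.51.100.5 and the unrelated Exchange event are correctly ignored; the three unauthenticated disablements from 203.0.113.10 trigger both the burst and the cross-tenant indicator. Tune `burst_threshold` to your environment's normal rate of legitimate disablements, which for most tenants is close to zero.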