Introduction
A high-severity security flaw in Windows Admin Center’s Azure Single Sign-On implementation has revealed how weaknesses in identity token validation can undermine isolation across entire Azure tenants. The vulnerability allows attackers to pivot from a single compromised virtual machine into broader Azure environments, bypassing expected trust boundaries.
Background and Discovery
The issue was uncovered by Cymulate Research Labs and is tracked as CVE-2026-20965. It affects Azure virtual machines and Azure Arc-connected systems managed through Windows Admin Center when Azure SSO is enabled.
Microsoft addressed the vulnerability with the release of Windows Admin Center Azure Extension v0.70.00 on January 13, 2026, following responsible disclosure in August 2025. Any deployment running versions below v0.70.00 remains exposed.
Technical Details
Windows Admin Center relies on two separate authentication tokens during Azure SSO sessions:
- WAC.CheckAccess token: Validates role-based access using the user principal name (UPN).
- Proof-of-Possession (PoP) token: Bound to a browser-generated key pair, intended to prevent token replay.
The vulnerability stems from improper validation and binding between these tokens. Key flaws identified include:
- No enforced UPN matching between WAC.CheckAccess and PoP tokens.
- Acceptance of cross-tenant PoP tokens.
- Support for non-gateway URLs, including direct IP access over port 6516.
- Reused nonces in PoP tokens.
- An unscoped WAC.CheckAccess token that grants tenant-wide access once accepted.
When combined, these weaknesses allow attackers to mix a stolen access token with a forged PoP token, effectively collapsing machine-level isolation.
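To make the missing bindings concrete, here is an added example (not Microsoft's code and not from the original report) of the checks a hardened gateway would enforce on the token pair described above. It uses a simplified claim model with assumed field names and assumes signature and expiry verification already happened.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed, simplified claim models with assumed field names. Signature,
# expiry and issuer checks are assumed to have passed before this point.
@dataclass(frozen=True)
class CheckAccessToken:
    upn: str
    tenant_id: str
    resource_id: str        # target VM/Arc resource this token is scoped to

@dataclass(frozen=True)
class PopToken:
    upn: str
    tenant_id: str
    nonce: str
    bound_host: str         # gateway host the browser key pair was bound to
    resource_id: str

def _is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

@dataclass
class WacSessionValidator:
    gateway_tenant_id: str
    allowed_gateway_hosts: frozenset
    seen_nonces: set = field(default_factory=set)

    def validate(self, access, pop, request_url, target_resource):
        """Return the binding violations found; an empty list means accept."""
        problems = []
        host = urlparse(request_url).hostname or ""
        if access.upn.casefold() != pop.upn.casefold():
            problems.append("upn-mismatch")        # both tokens must name the same user
        if not (access.tenant_id == pop.tenant_id == self.gateway_tenant_id):
            problems.append("cross-tenant")        # reject PoP tokens from another tenant
        if _is_ip_literal(host) or host not in self.allowed_gateway_hosts:
            problems.append("non-gateway-host")    # no direct IP:6516 or unknown hosts
        if pop.bound_host != host:
            problems.append("pop-host-mismatch")   # PoP key must be bound to this host
        if pop.nonce in self.seen_nonces:
            problems.append("nonce-reuse")         # each nonce is single-use
        if not (access.resource_id == pop.resource_id == target_resource):
            problems.append("unscoped-resource")   # token must be scoped to this target
        if not problems:
            self.seen_nonces.add(pop.nonce)
        return problems
```

Each failed check maps to one of the flaws listed above; a validator that skips any of them leaves the corresponding gap open.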
Timeline of Events
- August 2025: Vulnerability privately disclosed to Microsoft.
- January 13, 2026: Patch released in Windows Admin Center Azure Extension v0.70.00.
- Current Status: No confirmed in-the-wild exploitation, but retrospective investigation is strongly recommended.
Attack Chain Overview
A successful attack requires local administrator access on a WAC-enabled Azure VM or Arc-connected machine, along with a privileged user initiating a session via the Azure Portal. The documented attack path includes:
- Dumping Windows Admin Center certificates and launching a rogue service.
- Capturing a privileged user’s WAC.CheckAccess token during portal connection.
- Enumerating additional targets through metadata services or subnet scanning.
- Forging a PoP token using attacker-controlled tenant credentials and binding it to the target resource.
- Issuing InvokeCommand requests to achieve remote code execution on other WAC-managed systems.
- Repeating the process for lateral movement across resource groups or subscriptions.
Impact and Scope
Successful exploitation enables lateral movement, privilege escalation, credential theft, and potential cross-subscription compromise. Abuse of fake or external tenant UPNs also complicates detection and attribution.
Detection and Monitoring Guidance
Organizations should review historical logs for indicators of compromise. Notable signals include:
- Logons from unexpected Windows Admin Center virtual accounts such as WAC_user@externaltenant.onmicrosoft.com.
- Spikes in InvokeCommand activity originating from trusted contexts.
- New or anomalous identities appearing on managed hosts.
Example KQL query for suspicious logons:
DeviceLogonEvents
| where Timestamp > ago(30d)                      // look back across the exposure window
| where AccountName has "@"                       // UPN-style accounts only; local accounts are skipped
| where not(AccountName has "<your-tenant>")      // replace with your own tenant domain(s)
| project Timestamp, DeviceName, AccountName, ActionType, LogonType
| order by Timestamp desc
Additional indicators include port 6516 exposed broadly via Just-In-Time access rules, rogue Windows Admin Center services, and reuse of unscoped PoP tokens.
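For environments without a query engine at hand, here is an added example (not from the original article) that applies the same two signals to exported rows: external-tenant UPN logons and a per-device InvokeCommand spike against a historical baseline. The sample rows are constructed, and the column names follow the KQL above.

```python
from statistics import mean

# Constructed sample rows in the shape of DeviceLogonEvents (column names as in the KQL).
SAMPLE_LOGONS = [
    {"Timestamp": "2026-01-10T08:00:00Z", "DeviceName": "vm-01", "AccountName": "alice@contoso.example", "ActionType": "LogonSuccess"},
    {"Timestamp": "2026-01-10T08:05:00Z", "DeviceName": "vm-01", "AccountName": "WAC_alice@contoso.example", "ActionType": "LogonSuccess"},
    {"Timestamp": "2026-01-11T02:13:00Z", "DeviceName": "vm-02", "AccountName": "WAC_user@externaltenant.onmicrosoft.com", "ActionType": "LogonSuccess"},
    {"Timestamp": "2026-01-11T02:14:00Z", "DeviceName": "vm-02", "AccountName": "svc_backup", "ActionType": "LogonSuccess"},
]

def external_upn_logons(records, trusted_domains):
    """Rows whose UPN domain is outside our tenant; local accounts without '@' are skipped, as in the KQL."""
    trusted = {d.casefold() for d in trusted_domains}
    hits = []
    for row in records:
        account = row["AccountName"]
        if "@" not in account:
            continue
        if account.rsplit("@", 1)[1].casefold() not in trusted:
            hits.append(row)
    return hits

def invoke_command_spikes(daily_counts, factor=3.0, min_count=5):
    """daily_counts maps device -> per-day InvokeCommand counts, oldest first.
    Flag the latest day when it exceeds factor x the historical mean and min_count."""
    spikes = {}
    for device, counts in daily_counts.items():
        if len(counts) < 2:
            continue
        *history, latest = counts
        baseline = mean(history)
        if latest >= min_count and latest > factor * max(baseline, 1.0):
            spikes[device] = (baseline, latest)
    return spikes
```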
Response and Mitigation
Immediate remediation steps include:
- Upgrade Windows Admin Center Azure Extension to v0.70.00 or later.
- Restrict network security group and JIT access for port 6516 to approved gateway endpoints only.
- Increase monitoring and alerting on Windows Admin Center authentication and command execution logs.
Expert Commentary
This vulnerability highlights how subtle gaps in token validation can transform local administrative access into full cloud compromise. Identity and access controls remain a prime target for attackers, especially where on-premises style tooling intersects with cloud-native authentication.
Outlook
As organizations continue to integrate hybrid management platforms, rigorous validation of identity tokens and continuous security testing are critical. Proactive simulation and red-team exercises can help uncover similar trust boundary failures before they are exploited.
Sources
- Microsoft Windows Admin Center Security Updates: https://learn.microsoft.com/windows-server/manage/windows-admin-center/overview
- Windows Admin Center Azure Extension Releases: https://learn.microsoft.com/windows-server/manage/windows-admin-center/extensions
- Microsoft Security Response Center (MSRC): https://msrc.microsoft.com/update-guide
- CVE Record (once fully published): https://www.cve.org/CVERecord?id=CVE-2026-20965