Microsoft · Windows Admin Center · CVE-2026-20965
**Name of the Vulnerable Software and Affected Versions**
Windows Admin Center versions prior to 0.70.00
**Description**
Improper verification of cryptographic signatures in the Azure AD SSO implementation of Windows Admin Center allows an authorized attacker with local administrator access on a machine to bypass authentication and authorization mechanisms. The issue stems from improper validation of Proof-of-Possession (PoP) tokens: because the PoP token is not correctly checked against the access token it is meant to be bound to, a stolen admin access token can be combined with a forged PoP token to impersonate privileged users. This can lead to local privilege escalation, lateral movement across the entire tenant, and tenant-wide remote code execution (RCE). Exploitation involves sending a specially crafted HTTPS request.
**Recommendations**
Update Windows Admin Center Azure Extension to version 0.70.00 or later.