Severity
High
Analysis Summary
A high-severity vulnerability in Windows Admin Center (WAC) Azure Single Sign-On has exposed Azure virtual machines and Arc-connected systems to unauthorized tenant-wide access. Discovered by Research Labs and tracked as CVE-2026-20965, the flaw stems from improper token validation that breaks the security boundary between individual machines and entire Azure environments. Microsoft patched the issue in Windows Admin Center Azure Extension v0.70.00 on January 13, 2026, following responsible disclosure in August 2025. Any deployment running versions below v0.70.00 remains vulnerable.
The vulnerability affects WAC’s dual-token authentication model, which relies on a WAC.CheckAccess token for role verification and a Proof-of-Possession (PoP) token to prevent replay attacks. Because of several validation gaps, an attacker can pair a stolen WAC.CheckAccess token with a forged PoP token. The gaps are: no UPN matching between the two tokens, acceptance of PoP tokens issued by a different tenant, acceptance of non-gateway URLs in PoP validation (such as direct IP access over port 6516), reuse of nonces, and WAC.CheckAccess tokens that are not scoped to a single machine and therefore grant tenant-wide access. When combined with Azure JIT access that exposes port 6516 to all IPs, an attacker can forge authentication directly without DNS discovery, effectively collapsing VM isolation.
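As an added illustration (not code from Microsoft, Windows Admin Center, or the researchers), the five validation gaps listed above modelled as the checks a hardened validator performs on a token pair; the token field names, gateway URL, tenant ids and sample tokens are assumptions constructed for this example and are not WAC's real token format.

```python
from urllib.parse import urlparse
import ipaddress

def _host_is_ip(url: str) -> bool:
    """True when the URL's host is a literal IP address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def validate_token_pair(check_access: dict, pop: dict, *, gateway_url: str,
                        home_tenant: str, target_machine: str,
                        seen_nonces: set) -> list:
    """Return the validation failures for a WAC.CheckAccess/PoP token pair.
    Empty list = accepted. Skipping any one of these checks reproduces one of
    the gaps the advisory lists. Field names are assumptions, not WAC's format."""
    failures = []
    # Gap 1: both tokens must name the same principal (UPN).
    if check_access.get("upn", "").lower() != pop.get("upn", "").lower():
        failures.append("upn-mismatch")
    # Gap 2: neither token may come from a foreign tenant.
    if pop.get("tid") != home_tenant or check_access.get("tid") != home_tenant:
        failures.append("cross-tenant")
    # Gap 3: the PoP token must be bound to the gateway DNS name, not a raw IP:6516.
    bound_host = urlparse(pop.get("u", "")).hostname
    if _host_is_ip(pop.get("u", "")) or bound_host != urlparse(gateway_url).hostname:
        failures.append("non-gateway-url")
    # Gap 4: a nonce is accepted once; presenting an already-seen nonce is a replay.
    nonce = pop.get("nonce")
    if not nonce or nonce in seen_nonces:
        failures.append("nonce-reuse")
    else:
        seen_nonces.add(nonce)  # burn the nonce even if other checks fail
    # Gap 5: the CheckAccess token must be scoped to this machine, not tenant-wide.
    if check_access.get("scope") != target_machine:
        failures.append("unscoped-check-access")
    return failures

# Constructed sample tokens for illustration (not captured data).
GATEWAY = "https://wac-gateway.contoso.example:6516"
HOME_TENANT = "tenant-home-0000"
GOOD_CHECK_ACCESS = {"upn": "admin@contoso.example", "tid": HOME_TENANT, "scope": "vm-web-01"}
GOOD_POP = {"upn": "admin@contoso.example", "tid": HOME_TENANT, "u": GATEWAY, "nonce": "n-1"}
# Mixed pair the advisory describes: a stolen unscoped CheckAccess token paired with
# a PoP token from another tenant that is bound to a raw IP instead of the gateway.
STOLEN_CHECK_ACCESS = {"upn": "admin@contoso.example", "tid": HOME_TENANT, "scope": "*"}
FOREIGN_POP = {"upn": "WAC_user@externaltenant.onmicrosoft.com", "tid": "tenant-other-9999",
               "u": "https://10.0.0.5:6516", "nonce": "n-1"}
```

A validator that omits any single check accepts the corresponding forged pair, which is why every one of the five gaps had to be closed together in the fixed version.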
Exploitation requires local administrator access on a WAC-enabled Azure VM or Arc machine and a privileged user connecting via Azure Portal. The attack chain involves dumping the WAC certificate, running a rogue server, capturing an admin’s WAC.CheckAccess token, enumerating targets via metadata or subnet scanning, forging a PoP token from an attacker tenant, and issuing InvokeCommand requests for remote code execution across any accessible WAC machine. This enables lateral movement, privilege escalation, credential theft, cross-subscription compromise, and impersonation of administrators using fake UPN identities.
Although no in-the-wild exploitation has been reported, retrospective detection is strongly advised. Defenders should monitor for anomalous WAC virtual accounts such as WAC_user@externaltenant.onmicrosoft.com, mixed-tenant logons, unscoped PoP reuse, rogue WAC services, and suspicious InvokeCommand activity. JIT and NSG rules should be restricted to gateway-only access, and all environments must be updated immediately to v0.70.00. The flaw highlights how subtle SSO validation gaps can enable powerful local-to-cloud pivots, making patching and security simulation testing a top priority.
Impact
- Sensitive Data Theft
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2026-20965
Affected Vendors
Remediation
- Update Windows Admin Center immediately to Azure Extension v0.70.00 or later to patch CVE-2026-20965.
- Audit all WAC-enabled Azure VMs and Arc-connected machines to identify any instances running vulnerable versions below v0.70.00.
- Restrict port 6516 exposure by updating NSG and JIT rules to allow access only from the official WAC gateway DNS, not from all IP sources.
- Disable unnecessary JIT access on WAC-enabled systems and enforce least-privilege network access policies.
- Monitor WAC authentication logs for suspicious virtual accounts such as WAC_user@externaltenant.onmicrosoft.com.
- Detect mixed-tenant logons and block any UPNs not belonging to your Azure tenant.
- Hunt for rogue WAC services or processes that may indicate certificate dumping or fake WAC servers.
- Monitor InvokeCommand activity for unusual spikes or execution from untrusted contexts.
- Rotate WAC certificates and credentials on all previously exposed systems.
- Review Azure role assignments to ensure no over-privileged accounts exist.
- Enable continuous security simulation and attack testing to validate isolation between VMs and Azure resources.
- Perform retrospective threat hunting across logs from August 2025 onward to detect possible past abuse.