Internal testing of Active Roles 7.4.0 has revealed a potential vulnerability in very specific deployment configurations. This hotfix resolves the vulnerability.
This hotfix should ONLY be installed on Active Roles 7.4.0 installations. The vulnerability has been resolved in Active Roles 7.4.1 and therefore this hotfix is not required for that version.
This hotfix resolves the following issues:
Active Roles Web Interface exposes a potential vulnerability under very specific circumstances.
Error message for Office 365 Roles Management policy violation appears as "The Azure user Role(s) can be assigned" instead of "The Azure user Role(s) cannot be assigned".
In Active Roles web interface, objects are retrieved slowly when RSTS Authentication is configured.
Active Roles crashes on-post operations (executed through workflow/policy) when SaaS provisioned policy is enabled on OU.
In Active Roles MMC, Starling 2FA authentication dialog box still displays the SMS or Phone call options even after disabling these options in Starling 2FA settings.
MSOnline cmdlet fails while executing O365 script execution configuration activity in the automation workflow.
Please download the hotfix here.
Installing this hotfix
To install the hotfix