July 15, 2014 | Israeli cyber security firm Aorato announced the discovery of a critical design flaw in Microsoft’s Active Directory. The Microsoft software is widely used to provide network access, but the company asserts that the design flaw is known and that there are defenses in place to prevent identity fraud. Aorato discovered that passwords could potentially be changed by hackers due to bugs in Active Directory. “The dire consequences we are discussing–that an attacker can change the password–was definitely not known,” stated Tal Be’ery, Vice President of Research at Aorato. In addition, Aorato noted that about 95 percent of Fortune 500 companies use Active Directory making the problem “highly sensitive.” Aorato is an Israeli company specializing in Microsoft technologies with intimate knowledge of Active Directory from a cyber security perspective.