Kaspersky Threats

Detect date

?

11/10/2020

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Azure Sphere can be exploited remotely to gain privileges.
A code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Azure Sphere can be exploited remotely to cause denial of service.
An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
A tampering vulnerability in Azure Sphere can be exploited remotely to spoof user interface.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Azure Sphere

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-16989
CVE-2020-16987
CVE-2020-16992
CVE-2020-16986
CVE-2020-16994
CVE-2020-16984
CVE-2020-16985
CVE-2020-16991
CVE-2020-16990
CVE-2020-16993
CVE-2020-16981
CVE-2020-16982
CVE-2020-16970
CVE-2020-16988
CVE-2020-16983

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

PE

[?]

SUI

[?]

Detect date ?	11/10/2020
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Sphere can be exploited remotely to gain privileges. A code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code. A denial of service vulnerability in Azure Sphere can be exploited remotely to cause denial of service. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information. A tampering vulnerability in Azure Sphere can be exploited remotely to spoof user interface.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Azure Sphere
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2020-16989 CVE-2020-16987 CVE-2020-16992 CVE-2020-16986 CVE-2020-16994 CVE-2020-16984 CVE-2020-16985 CVE-2020-16991 CVE-2020-16990 CVE-2020-16993 CVE-2020-16981 CVE-2020-16982 CVE-2020-16970 CVE-2020-16988 CVE-2020-16983
Impacts ?	ACE [?] OSI [?] DoS [?] PE [?] SUI [?]
Related products	Microsoft Azure
CVE-IDS ?	CVE-2020-169897.2High CVE-2020-169877.2High CVE-2020-169927.2High CVE-2020-169862.1Warning CVE-2020-169942.1Warning CVE-2020-169847.2High CVE-2020-169852.1Warning CVE-2020-169912.1Warning CVE-2020-169902.1Warning CVE-2020-169934.6Warning CVE-2020-169817.2High CVE-2020-169827.2High CVE-2020-169707.2High CVE-2020-169887.2High CVE-2020-169837.2High
	Find out the statistics of the vulnerabilities spreading in your region

KLA12001Multiple vulnerabilities in Microsoft Azure

KLA12001
Multiple vulnerabilities in Microsoft Azure