KLA12338
Multiple vulnerabilities in Microsoft Azure

Updated: 11/25/2021
Detect date
?
11/09/2021
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Azure RTOS can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in Azure RTOS can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
  4. A tampering vulnerability in Azure Sphere can be exploited remotely to spoof user interface.
  5. An information disclosure vulnerability in FSLogix can be exploited remotely to obtain sensitive information.
Affected products

Azure Sphere
Azure RTOS
FSLogix

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2021-42301
CVE-2021-42304
CVE-2021-26444
CVE-2021-41375
CVE-2021-41374
CVE-2021-42303
CVE-2021-42300
CVE-2021-42323
CVE-2021-41376
CVE-2021-42302
CVE-2021-41373

Impacts
?
OSI 
[?]

PE 
[?]

SUI 
[?]
Related products
Microsoft Azure
CVE-IDS
?
CVE-2021-423010.0Unknown
CVE-2021-423040.0Unknown
CVE-2021-264440.0Unknown
CVE-2021-413750.0Unknown
CVE-2021-413740.0Unknown
CVE-2021-423030.0Unknown
CVE-2021-423000.0Unknown
CVE-2021-423230.0Unknown
CVE-2021-413760.0Unknown
CVE-2021-423020.0Unknown
CVE-2021-413730.0Unknown
Find out the statistics of the vulnerabilities spreading in your region