Kaspersky Threats

Detect date

?

08/09/2022

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges.
An elevation of privilege vulnerability in Azure Batch Node Agent can be exploited remotely to gain privileges.
An information disclosure vulnerability in Azure RTOS GUIX Studio can be exploited remotely to obtain sensitive information.
A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in Azure Site Recovery can be exploited remotely to cause denial of service.
An elevation of privilege vulnerability in System Center Operations Manager: Open Management Infrastructure (OMI) can be exploited remotely to gain privileges.
An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.

Affected products

Open Management Infrastructure
Azure Site Recovery VMWare to Azure
Azure Sphere
Azure Real Time Operating System GUIX Studio
Azure Batch

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-35782
CVE-2022-35790
CVE-2022-33646
CVE-2022-35799
CVE-2022-35814
CVE-2022-35809
CVE-2022-35811
CVE-2022-35808
CVE-2022-34685
CVE-2022-35785
CVE-2022-35817
CVE-2022-35789
CVE-2022-35775
CVE-2022-35772
CVE-2022-35780
CVE-2022-35773
CVE-2022-35788
CVE-2022-35819
CVE-2022-35781
CVE-2022-35784
CVE-2022-35801
CVE-2022-35776
CVE-2022-35802
CVE-2022-33640
CVE-2022-35774
CVE-2022-30175
CVE-2022-35791
CVE-2022-35783
CVE-2022-35787
CVE-2022-34686
CVE-2022-35818
CVE-2022-35800
CVE-2022-35810
CVE-2022-35816
CVE-2022-35813
CVE-2022-35806
CVE-2022-35812
CVE-2022-35779
CVE-2022-30176
CVE-2022-34687
CVE-2022-35821
CVE-2022-35807
CVE-2022-35824
CVE-2022-35786
CVE-2022-35815

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

PE

[?]

Detect date ?	08/09/2022
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges. An elevation of privilege vulnerability in Azure Batch Node Agent can be exploited remotely to gain privileges. An information disclosure vulnerability in Azure RTOS GUIX Studio can be exploited remotely to obtain sensitive information. A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code. A denial of service vulnerability in Azure Site Recovery can be exploited remotely to cause denial of service. An elevation of privilege vulnerability in System Center Operations Manager: Open Management Infrastructure (OMI) can be exploited remotely to gain privileges. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
Affected products	Open Management Infrastructure Azure Site Recovery VMWare to Azure Azure Sphere Azure Real Time Operating System GUIX Studio Azure Batch
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2022-35782 CVE-2022-35790 CVE-2022-33646 CVE-2022-35799 CVE-2022-35814 CVE-2022-35809 CVE-2022-35811 CVE-2022-35808 CVE-2022-34685 CVE-2022-35785 CVE-2022-35817 CVE-2022-35789 CVE-2022-35775 CVE-2022-35772 CVE-2022-35780 CVE-2022-35773 CVE-2022-35788 CVE-2022-35819 CVE-2022-35781 CVE-2022-35784 CVE-2022-35801 CVE-2022-35776 CVE-2022-35802 CVE-2022-33640 CVE-2022-35774 CVE-2022-30175 CVE-2022-35791 CVE-2022-35783 CVE-2022-35787 CVE-2022-34686 CVE-2022-35818 CVE-2022-35800 CVE-2022-35810 CVE-2022-35816 CVE-2022-35813 CVE-2022-35806 CVE-2022-35812 CVE-2022-35779 CVE-2022-30176 CVE-2022-34687 CVE-2022-35821 CVE-2022-35807 CVE-2022-35824 CVE-2022-35786 CVE-2022-35815
Impacts ?	ACE [?] OSI [?] DoS [?] PE [?]
Related products	Microsoft Azure
	Find out the statistics of the vulnerabilities spreading in your region

KLA12604Multiple vulnerabilities in Microsoft Azure

KLA12604
Multiple vulnerabilities in Microsoft Azure