Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA20004
Multiple vulnerabilities in Microsoft Azure

Updated: 09/29/2023
Detect date
?
 10/11/2022
Severity
?
 Critical
Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Azure Arc-enabled Kubernetes cluster Connect can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in StorSimple 8000 Series can be exploited remotely to gain privileges.
  3. A spoofing vulnerability in Service Fabric Explorer can be exploited remotely to spoof user interface.
Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products

Azure Service Fabric Explorer
Azure Arc-enabled Kubernetes cluster 1.8.11
Azure StorSimple 8000 Series
Azure Arc-enabled Kubernetes cluster 1.5.8
Azure Arc-enabled Kubernetes cluster 1.7.18
Azure Arc-enabled Kubernetes cluster 1.6.19
Azure Stack Edge
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2022-37968
CVE-2022-38017
CVE-2022-35829
Impacts
?
PE 
[?]

SUI 
[?]
Related products
 Microsoft Edge
Microsoft Azure
CVE-IDS
?
CVE-2022-379685.0Warning
CVE-2022-380175.0Warning
CVE-2022-358295.0Warning
Microsoft official advisories
 Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up