Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA60565
Multiple vulnerabilities in Microsoft Azure

Updated: 09/29/2023
Detect date
?
 09/12/2023
Severity
?
 Critical
Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Identity Linux Broker can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Azure DevOps Server can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Azure HDInsight Apache Ambari can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Microsoft Azure Kubernetes Service can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Azure DevOps Server can be exploited remotely to execute arbitrary code.
Affected products

Microsoft Identity Linux Broker
Azure DevOps Server 2022.0.1
Azure HDInsights
Azure Kubernetes Service
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2023-36736
CVE-2023-38155
CVE-2023-38156
CVE-2023-29332
CVE-2023-33136
Impacts
?
ACE 
[?]

PE 
[?]
Related products
 Microsoft Azure
CVE-IDS
?
CVE-2023-381555.0Warning
CVE-2023-331365.0Warning
CVE-2023-367365.0Warning
CVE-2023-381565.0Warning
CVE-2023-293325.0Warning
Microsoft official advisories
 Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up