Multiple vulnerabilities in Microsoft Azure

Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Azure Storage Movement Client Library can be exploited to cause denial of service.
2. An elevation of privilege vulnerability in Azure Identity Libraries and Microsoft Authentication Library can be exploited remotely to gain privileges.
3. An elevation of privilege vulnerability in Azure Science Virtual Machine (DSVM) can be exploited remotely to gain privileges.
4. An elevation of privilege vulnerability in Microsoft Azure File Sync can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Azure Monitor Agent can be exploited remotely to gain privileges.
6. An elevation of privilege vulnerability in WiX toolset can be exploited to gain privileges.

Original advisories

• CVE-2024-37325

• CVE-2024-35253
• CVE-2024-35254
• CVE-2024-35252
• CVE-2024-35255
• CVE-2024-29187

Related products

• Microsoft-Windows
• Microsoft-Windows-Server
• Microsoft-Azure
• .NET
• Microsoft-Windows-Server-2022

CVE list

• CVE-2024-29187
  high
• CVE-2024-35252
  critical
• CVE-2024-35255
  high
• CVE-2024-37325
  critical
• CVE-2024-35253
  warning
• CVE-2024-35254
  high

KB list

• 5039814
• 5023058

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com