KLA12001
Multiple vulnerabilities in Microsoft Azure

Обновлено: 16/11/2020
Дата обнаружения
10/11/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Azure Sphere can be exploited remotely to gain privileges.
  2. A code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code.
  3. A denial of service vulnerability in Azure Sphere can be exploited remotely to cause denial of service.
  4. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
  5. A tampering vulnerability in Azure Sphere can be exploited remotely to spoof user interface.
Эксплуатация

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Пораженные продукты

Azure Sphere

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-16989
CVE-2020-16987
CVE-2020-16992
CVE-2020-16986
CVE-2020-16994
CVE-2020-16984
CVE-2020-16985
CVE-2020-16991
CVE-2020-16990
CVE-2020-16993
CVE-2020-16981
CVE-2020-16982
CVE-2020-16970
CVE-2020-16988
CVE-2020-16983
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS
Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе