KLA12123
Multiple vulnerabilities in Microsoft Azure

Обновлено: 16/03/2021
Дата обнаружения
09/03/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An unsigned code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability in Azure Virtual Machine can be exploited remotely to obtain sensitive information.
Пораженные продукты

Azure Spring Cloud
Azure Kubernetes Service
Azure Container Instance
Azure Service Fabric
Azure Sphere

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-27074
CVE-2021-27075
CVE-2021-27080
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS
CVE-2021-270740.0Unknown
CVE-2021-270750.0Unknown
CVE-2021-270800.0Unknown
Узнай статистику распространения уязвимостей в твоем регионе