KLA12297
Multiple vulnerabilities in Microsoft System Center

Обновлено: 30/09/2021
Дата обнаружения
14/09/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Open Management Infrastructure can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Open Management Infrastructure can be exploited remotely to gain privileges.
Пораженные продукты

Azure Diagnostics (LAD)
Azure Security Center
System Center Operations Manager (SCOM)
Container Monitoring Solution
Azure Open Management Infrastructure
Azure Stack Hub
Azure Automation State Configuration, DSC Extension
Azure Sentinel
Log Analytics Agent
Azure Automation Update Management

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-38647
CVE-2021-38648
CVE-2021-38649
CVE-2021-38645
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Связанные продукты
Microsoft System Center Operations Manager
Microsoft Azure
CVE-IDS
CVE-2021-386450.0Unknown
CVE-2021-386490.0Unknown
CVE-2021-386470.0Unknown
CVE-2021-386480.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе