KLA12338
Multiple vulnerabilities in Microsoft Azure

Обновлено: 25/11/2021
Дата обнаружения
09/11/2021
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Azure RTOS can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in Azure RTOS can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
  4. A tampering vulnerability in Azure Sphere can be exploited remotely to spoof user interface.
  5. An information disclosure vulnerability in FSLogix can be exploited remotely to obtain sensitive information.
Пораженные продукты

Azure Sphere
Azure RTOS
FSLogix

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-42301
CVE-2021-42304
CVE-2021-26444
CVE-2021-41375
CVE-2021-41374
CVE-2021-42303
CVE-2021-42300
CVE-2021-42323
CVE-2021-41376
CVE-2021-42302
CVE-2021-41373
Оказываемое влияние
?
OSI 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS
CVE-2021-423010.0Unknown
CVE-2021-423040.0Unknown
CVE-2021-264440.0Unknown
CVE-2021-413750.0Unknown
CVE-2021-413740.0Unknown
CVE-2021-423030.0Unknown
CVE-2021-423000.0Unknown
CVE-2021-423230.0Unknown
CVE-2021-413760.0Unknown
CVE-2021-423020.0Unknown
CVE-2021-413730.0Unknown
Узнай статистику распространения уязвимостей в твоем регионе