KLA12604
Multiple vulnerabilities in Microsoft Azure

Обновлено: 10/08/2022
Дата обнаружения
09/08/2022
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Azure Batch Node Agent can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Azure RTOS GUIX Studio can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code.
  6. A denial of service vulnerability in Azure Site Recovery can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in System Center Operations Manager: Open Management Infrastructure (OMI) can be exploited remotely to gain privileges.
  8. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.
Пораженные продукты

Open Management Infrastructure
Azure Site Recovery VMWare to Azure
Azure Sphere
Azure Real Time Operating System GUIX Studio
Azure Batch

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-35782
CVE-2022-35790
CVE-2022-33646
CVE-2022-35799
CVE-2022-35814
CVE-2022-35809
CVE-2022-35811
CVE-2022-35808
CVE-2022-34685
CVE-2022-35785
CVE-2022-35817
CVE-2022-35789
CVE-2022-35775
CVE-2022-35772
CVE-2022-35780
CVE-2022-35773
CVE-2022-35788
CVE-2022-35819
CVE-2022-35781
CVE-2022-35784
CVE-2022-35801
CVE-2022-35776
CVE-2022-35802
CVE-2022-33640
CVE-2022-35774
CVE-2022-30175
CVE-2022-35791
CVE-2022-35783
CVE-2022-35787
CVE-2022-34686
CVE-2022-35818
CVE-2022-35800
CVE-2022-35810
CVE-2022-35816
CVE-2022-35813
CVE-2022-35806
CVE-2022-35812
CVE-2022-35779
CVE-2022-30176
CVE-2022-34687
CVE-2022-35821
CVE-2022-35807
CVE-2022-35824
CVE-2022-35786
CVE-2022-35815
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

PE 
[?]
Связанные продукты
Microsoft Azure
Узнай статистику распространения уязвимостей в твоем регионе