KLA20046
Multiple vulnerabilities in Microsoft Azure

Обновлено: 10/11/2022
Дата обнаружения
08/11/2022
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Windows Subsystem for Linux (WSL2) Kernel can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Azure CycleCloud can be exploited remotely to gain privileges.
  4. A remote code execution vulnerability in Azure CLI can be exploited remotely to execute arbitrary code.
Пораженные продукты

Azure CycleCloud 8
Azure EFLOW
Azure CLI
Azure RTOS GUIX Studio
Azure CycleCloud 7

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-41051
CVE-2022-38014
CVE-2022-41085
CVE-2022-39327
Оказываемое влияние
?
ACE 
[?]

SB 
[?]

PE 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS
CVE-2022-380145.0Critical
CVE-2022-410515.0Critical
CVE-2022-410855.0Critical
CVE-2022-393275.0Critical
Узнай статистику распространения уязвимостей в твоем регионе