KLA51716
Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A spoofing vulnerability in Azure Apache Oozie can be exploited remotely to spoof user interface.
2. A spoofing vulnerability in Azure Apache Ambari can be exploited remotely to spoof user interface.
3. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
4. A spoofing vulnerability in Azure Apache Hive can be exploited remotely to spoof user interface.
5. An elevation of privilege vulnerability in Azure Arc-Enabled Servers can be exploited remotely to gain privileges.
6. A spoofing vulnerability in Azure HDInsight Jupyter Notebook can be exploited remotely to spoof user interface.
7. A spoofing vulnerability in Azure Apache Hadoop can be exploited remotely to spoof user interface.
8. An information disclosure vulnerability can be exploited remotely to obtain sensitive information.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Azure Arc-Enabled Servers
Azure HDInsights
Azure DevOps Server 2022.0.1
Azure Virtual Machines

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)