
Microsoft has fixed dozens of potentially serious Azure security flaws

The July 2022 Patch Tuesday cumulative update fixed dozens of critical vulnerabilities found in the Azure disaster recovery service, including two that allow remote code execution, Microsoft has revealed.


The company recently released a detailed analysis of the July 2022 Patch Tuesday update, which addresses a total of 84 vulnerabilities. Of those, 32 were patched in Azure Site Recovery, a disaster recovery tool that automatically switches workloads to another location in an emergency.

Of those 32, two allowed for potential remote code execution, while the remaining 30 allowed threat actors to escalate their privileges.

Run malicious DLL files

Microsoft explained that most of the privilege escalation flaws are caused by SQL injection vulnerabilities, adding that DLL hijacking vulnerabilities were also found.

The second type, detected by Tenable vulnerability management specialists, was tracked as CVE-2022-33675 and came with a severity score of 7.8.

As reported by BleepingComputer, these types of vulnerabilities are due to insecure permissions on the folders that the operating system searches and loads DLL files from when an application launches.

In theory, an attacker could create a malicious DLL with the same name as a legitimate DLL that the Azure Site Recovery app loads and get the app to run it.
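The condition described above, a DLL search folder that low-privileged users can write to, can be audited from `icacls` output. This is an added example, not code from Microsoft, Tenable or the original article; the folder path and ACL listing are constructed, and the English-locale account names and the simplified treatment of deny entries are assumptions.

```python
import re

# Principals any standard user belongs to (English-locale names; assumption).
LOW_PRIV = {"everyone", r"builtin\users", r"nt authority\authenticated users",
            r"nt authority\interactive"}
# icacls inheritance markers, which are not access rights.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Rights that let a principal create or replace files in the directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "GA", "GW"}

ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]+\))+)$")


def risky_aces(directory, icacls_output):
    """Return (principal, rights) pairs that let low-privileged users write to directory."""
    findings = []
    for line in icacls_output.splitlines():
        # icacls prints the path in front of the first ACE only.
        if line.lower().startswith(directory.lower()):
            line = line[len(directory):]
        match = ACE_RE.match(line.strip())
        if not match:
            continue  # blank line or the "Successfully processed" summary
        tokens = re.findall(r"\(([^)]+)\)", match["flags"])
        if "DENY" in tokens or "IO" in tokens:
            continue  # deny and inherit-only ACEs grant nothing on this folder (simplified)
        rights = {r for t in tokens if t not in INHERIT_FLAGS for r in t.split(",")}
        if match["who"].lower() in LOW_PRIV and rights & WRITE_RIGHTS:
            findings.append((match["who"], sorted(rights & WRITE_RIGHTS)))
    return findings


# Constructed sample output for a hypothetical install folder, not real data.
SAMPLE_DIR = r"C:\Program Files\ExampleAgent\bin"
SAMPLE_ICACLS = "\n".join([
    SAMPLE_DIR + r" NT AUTHORITY\SYSTEM:(OI)(CI)(F)",
    r"    BUILTIN\Administrators:(OI)(CI)(F)",
    r"    BUILTIN\Users:(OI)(CI)(RX)",
    r"    NT AUTHORITY\Authenticated Users:(I)(CI)(RX,WD)",
    r"    CREATOR OWNER:(OI)(CI)(IO)(F)",
    "",
    "Successfully processed 1 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE_DIR, SAMPLE_ICACLS):
        print(f"{SAMPLE_DIR}: {who} can write ({', '.join(rights)})")
```

Any finding on a folder that a service running as SYSTEM loads DLLs from means a standard user can place files there, which is the permission weakness the patch addresses.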

“Stealing DLL is a fairly archaic technique that we don’t often encounter today. When we do, its impact is often quite limited due to the lack of crossed security boundaries,” Tenable explained in a blog post.

“However, in this case, we have been able to push clear security boundaries and demonstrate the ability to upgrade users to permissions at the SYSTEM level, which indicates a growing trend of techniques even increasingly looking for a new home in the cloud space due to the added complexity in these types of environments.”

When attackers get elevated privileges on an endpoint, they can change important operating system settings, allowing them to extract sensitive files, deploy malware and ransomware, or spy on users.

Written by admin
