KLA12123 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An unsigned code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code.
2. An information disclosure vulnerability in Azure Virtual Machine can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2021-27074

CVE-2021-27075

CVE-2021-27080

Related products

Microsoft-Azure

CVE list

CVE-2021-27074 high

CVE-2021-27075 high

CVE-2021-27080 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

• Azure Spring CloudAzure Kubernetes ServiceAzure Container InstanceAzure Service FabricAzure Sphere