KLA12297 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Open Management Infrastructure can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Open Management Infrastructure can be exploited remotely to gain privileges.

Original advisories

CVE-2021-38647

CVE-2021-38648

CVE-2021-38649

CVE-2021-38645

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-System-Center-Operations-Manager

Microsoft-Azure

CVE list

CVE-2021-38645 critical

CVE-2021-38649 high

CVE-2021-38647 critical

CVE-2021-38648 critical

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Azure Diagnostics (LAD)Azure Security CenterSystem Center Operations Manager (SCOM)Container Monitoring SolutionAzure Open Management InfrastructureAzure Stack HubAzure Automation State Configuration, DSC ExtensionAzure SentinelLog Analytics AgentAzure Automation Update Management