Mar 08, 2022 - 12:00 a.m.

KLA12477 Multiple vulnerabilities in Microsoft Azure

2022-03-08 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS2: 9 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3: 8.1 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE
  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.8 High (Confidence: High)

EPSS: 0.011 Low (Percentile: 84.2%)

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges.

Original advisories

CVE-2022-24517

CVE-2022-24520

CVE-2022-24471

CVE-2022-24518

CVE-2022-24468

CVE-2022-24515

CVE-2022-24506

CVE-2022-24470

CVE-2022-24467

CVE-2022-24519

CVE-2022-24469

Related products

Microsoft-Azure

CVE list

CVE-2022-24517 unknown

CVE-2022-24520 unknown

CVE-2022-24471 unknown

CVE-2022-24518 unknown

CVE-2022-24468 unknown

CVE-2022-24515 unknown

CVE-2022-24506 unknown

CVE-2022-24470 unknown

CVE-2022-24467 unknown

CVE-2022-24519 unknown

CVE-2022-24469 unknown

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an abuser to execute any code or commands on the vulnerable machine or process.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an abuser to perform actions that are normally disallowed for the current role.

Affected Products

  • Azure Site Recovery VMWare to Azure
