This issue was previously classified as a “low” risk because it only allows an attacker to run code on the VMs and not on the cloud provider itself. However, Microsoft has now upgraded the risk level to “critical” due to the fact that an attacker could run code on the cloud provider itself with this vulnerability, so cloud providers are now required to patch this issue quickly. Azure Site Recovery is currently in preview and is not widely used, so the risk of an attacker being able to run code on the cloud provider itself is currently low. Azure VMs, on the other hand, are used in many production environments, so an attacker with the ability to run code on the cloud provider itself could have a serious impact on many customers. Azure is currently in the process of releasing a patch for this issue.
The Azure Remote Code Execution Vulnerability
On the evening of January 16th, Microsoft released an emergency patch for the Azure Remote Code Execution Vulnerability (CVE-2022-24469). This vulnerability was discovered on January 12th and it allows an attacker to execute code remotely on a Windows server managed by Azure. The vulnerability is in the way that Azure handles authentication requests which could result in remote code execution. It's still unclear whether this vulnerability has been exploited in the wild yet and this patch only addresses the issue on Azure v2.0 servers so it's possible that other versions of the platform may be vulnerable as well.
An attacker with this exploit can use it to access sensitive user data and run arbitrary commands on all virtual machines hosted by a cloud provider, including those of customers' organizations. There is no evidence of exploitation in production environments at this time but there have been reports that some hackers are using this exploit to run malicious code on vulnerable cloud providers’ resources without their consent
Summary of Azure Site Recovery vulnerability
Microsoft has upgraded the risk level of this vulnerability to "critical" because an attacker could run code on the cloud provider itself.
Azure Site Recovery is currently in preview, so the risk of an attacker being able to run code on the cloud provider itself is low. Azure VMs are used in many production environments, so an attacker with the ability to run code on the cloud provider itself could have a serious impact on many customers. Microsoft is currently in the process of releasing a patch for this issue.
Microsoft Azure Remote Code Execution Vulnerability
A remote code execution vulnerability has been discovered in Microsoft Azure that allows an attacker to run code on the cloud provider itself. Microsoft has now upgraded the risk level of this issue to "critical" due to the fact that an attacker could run code on the cloud provider itself with this vulnerability. This vulnerability is present in Azure Site Recovery, which is currently in preview and not widely used, so the risk of an attacker being able to run code on the cloud provider itself is currently low. Azure VMs are used in many production environments, so an attacker who can exploit this vulnerability could have a serious impact on many customers. Microsoft is currently in the process of releasing a patch for this issue.
Timeline
Published on: 03/09/2022 17:15:00 UTC
Last modified on: 03/14/2022 17:39:00 UTC