Microsoft has fixed dozens of potentially serious Azure security bugs

Two Azure flaws allowed for remote code execution

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The July 2022 Patch Tuesday cumulative update fixed dozens of serious vulnerabilities found in an Azure disaster recovery service,Microsofthas revealed.

The company recently published a detailed breakdown of the July 2022 Patch Tuesday update, which addressed a total of 84 vulnerabilities, including in the Azure Site Recovery, a disaster-recovery tool that automatically switches workloads to a different location in case of an emergency, and which has had 32 vulnerabilities patched.

Of those 32, two allowed potential remote code execution, while the remaining 30 allowed threat actors to elevate their privileges.

Running malicious DLLs

Most of the privilege escalation flaws were caused by SQL injection vulnerabilities, Microsoft explained, adding that there were DLL hijacking vulnerabilities discovered, as well.

The latter, discovered by vulnerability management experts Tenable, is tracked as CVE-2022-33675, and comes with a severity score of 7.8.

As reported byBleepingComputer, these types of vulnerabilities are caused by insecure permissions on folders that the OS searches, and loads DLLs, when launching an app.

In theory, the attacker can create a malicious DLL with the same name as the legitimate DLL the Azure Site Recovery application runs, and have the app run it.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Microsoft Azure bug left a bunch of cloud databases wide open>Microsoft Azure security flaw left thousands of cloud databases vulnerable to hackers>Here’s what we think are the best cloud storage solutions today

“DLL hijacking is quite an antiquated technique that we don’t often come across these days. When we do, the impact is often quite limited due to a lack of security boundaries being crossed,” Tenable explained in a blog post.

“In this case, however, we were able to cross a clear security boundary and demonstrated the ability to escalate a user to SYSTEM level permissions, which shows the growing trend of even dated techniques finding a new home in the cloud space due to added complexities in these sorts of environments.”

Once the attackers gain elevated privileges on anendpoint, they can change important OS settings, allowing them to extract sensitive files, deploy malware and ransomware, or spy on the users.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

Adobe’s decision to eliminate perpetual licensing for its Elements software has stirred controversy among consumers

Scotland vs South Africa live stream: how to watch 2024 rugby union Autumn International online from anywhere