Microsoft has fixed dozens of potentially serious Azure security bugs

News
By published

Two Azure flaws allowed for remote code execution

Image of someone clicking a cloud icon.
Image Credit: Shutterstock (Image credit: Shutterstock)

The July 2022 Patch Tuesday cumulative update fixed dozens of serious vulnerabilities found in an Azure disaster recovery service, Microsoft has revealed.

The company recently published a detailed breakdown of the July 2022 Patch Tuesday update, which addressed a total of 84 vulnerabilities, including in the Azure Site Recovery, a disaster-recovery tool that automatically switches workloads to a different location in case of an emergency, and which has had 32 vulnerabilities patched.

Of those 32, two allowed potential remote code execution, while the remaining 30 allowed threat actors to elevate their privileges. 

Running malicious DLLs

Most of the privilege escalation flaws were caused by SQL injection vulnerabilities, Microsoft explained, adding that there were DLL hijacking vulnerabilities discovered, as well. 

The latter, discovered by vulnerability management experts Tenable, is tracked as CVE-2022-33675, and comes with a severity score of 7.8. 

As reported by BleepingComputer, these types of vulnerabilities are caused by insecure permissions on folders that the OS searches, and loads DLLs, when launching an app.

In theory, the attacker can create a malicious DLL with the same name as the legitimate DLL the Azure Site Recovery application runs, and have the app run it. 

Read more

> Microsoft Azure bug left a bunch of cloud databases wide open

> Microsoft Azure security flaw left thousands of cloud databases vulnerable to hackers

> Here's what we think are the best cloud storage solutions today

"DLL hijacking is quite an antiquated technique that we don’t often come across these days. When we do, the impact is often quite limited due to a lack of security boundaries being crossed," Tenable explained in a blog post. 

"In this case, however, we were able to cross a clear security boundary and demonstrated the ability to escalate a user to SYSTEM level permissions, which shows the growing trend of even dated techniques finding a new home in the cloud space due to added complexities in these sorts of environments."

Once the attackers gain elevated privileges on an endpoint, they can change important OS settings, allowing them to extract sensitive files, deploy malware and ransomware, or spy on the users. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.