1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft has fixed dozens of potentially serious Azure security

    From TechnologyDaily@1337:1/100 to All on Thu Jul 14 19:00:04 2022
    Microsoft has fixed dozens of potentially serious Azure security bugs

    Date:
    Thu, 14 Jul 2022 17:40:41 +0000

    Description:
    Azure flaws allowed for remote code execution, while others escalation of privileges.

    FULL STORY ======================================================================

    The July 2022 Patch Tuesday cumulative update fixed dozens of serious vulnerabilities found in an Azure disaster recovery service, Microsoft has revealed.

    The company recently published a detailed breakdown of the July 2022 Patch Tuesday update, which addressed a total of 84 vulnerabilities, including in the Azure Site Recovery, a disaster-recovery tool that automatically switches workloads to a different location in case of an emergency, and which has had 32 vulnerabilities patched.

    Of those 32, two allowed potential remote code execution, while the remaining 30 allowed threat actors to elevate their privileges. Running malicious DLLs

    Most of the privilege escalation flaws were caused by SQL injection vulnerabilities, Microsoft explained, adding that there were DLL hijacking vulnerabilities discovered, as well.

    The latter, discovered by vulnerability management experts Tenable, is
    tracked as CVE-2022-33675, and comes with a severity score of 7.8.

    As reported by BleepingComputer , these types of vulnerabilities are caused
    by insecure permissions on folders that the OS searches, and loads DLLs, when launching an app.

    In theory, the attacker can create a malicious DLL with the same name as the legitimate DLL the Azure Site Recovery application runs, and have the app run it. Read more

    Microsoft Azure bug left a bunch of cloud databases wide open


    Microsoft Azure security flaw left thousands of cloud databases vulnerable
    to hackers


    Here's what we think are the best cloud storage solutions today

    "DLL hijacking is quite an antiquated technique that we dont often come
    across these days. When we do, the impact is often quite limited due to a
    lack of security boundaries being crossed," Tenable explained in a blog post.

    "In this case, however, we were able to cross a clear security boundary and demonstrated the ability to escalate a user to SYSTEM level permissions,
    which shows the growing trend of even dated techniques finding a new home in the cloud space due to added complexities in these sorts of environments."

    Once the attackers gain elevated privileges on an endpoint , they can change important OS settings, allowing them to extract sensitive files, deploy malware and ransomware, or spy on the users. Here's our list of the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-has-fixed-dozens-of-potentially-serio us-azure-security-bugs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)