Microsoft has fixed dozens of potentially serious Azure security bugs

The July 2022 Patch Tuesday cumulative update fixed dozens of serious vulnerabilities found in an Azure disaster recovery service, Microsoft revealed.

The company recently released a detailed breakdown of the July 2022 Patch Tuesday update, which fixed a total of 84 vulnerabilities. Of these, 32 were in Azure Site Recovery, a disaster recovery tool that automatically switches workloads to another storage location in an emergency.

Of these 32, two allowed possible remote code execution, while the other 30 allowed threat actors to elevate their privileges.

Run malicious DLL files

Most of the privilege escalation flaws were caused by SQL injection vulnerabilities, Microsoft said, adding that DLL hijacking vulnerabilities were also discovered.

The latter, discovered by vulnerability management experts Tenable, is tracked as CVE-2022-33675 and has a severity score of 7.8.

As reported by BleepingComputer, these types of vulnerabilities are caused by insecure permissions on folders that the operating system searches for DLLs to load when launching an application.

In theory, the attacker could create a malicious DLL with the same name as the legitimate DLL executed by the Azure Site Recovery application and have the application execute it.
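The folder-permission weakness described above can be checked for from the defender's side. The following PowerShell audit is an added example, not code from Microsoft, Tenable or the original article; it lists machine-wide PATH directories where ordinary user groups are allowed to create files. The `-ExtraDir` parameter is a hypothetical way to pass an application install folder, since the article does not name the affected directory.

```powershell
# Added example: flag DLL search directories that low-privileged users can write to.
# Assumption: the directories of interest are the machine PATH entries plus any
# folders passed in -ExtraDir (hypothetical parameter, not from the article).
param([string[]]$ExtraDir = @())

# Well-known SIDs that cover ordinary, non-administrative users.
$lowPrivSids = 'S-1-1-0',      # Everyone
               'S-1-5-11',     # Authenticated Users
               'S-1-5-32-545'  # BUILTIN\Users

# Rights that allow dropping a new file or subfolder into a directory.
$rights    = [System.Security.AccessControl.FileSystemRights]
$plantMask = $rights::CreateFiles -bor $rights::AppendData
$inhOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$dirs = @([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';') + $ExtraDir |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
    $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
    if (-not $acl) { continue }

    # Resolve trustees to SIDs so the check does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow')              { continue }
        if ($ace.PropagationFlags -band $inhOnly)            { continue } # applies to children only
        if ($lowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
        if ($ace.FileSystemRights -band $plantMask) {
            [pscustomobject]@{
                Directory = $dir
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
            }
        }
    }
}
```

Any directory it reports should have its ACL tightened so that only administrators and SYSTEM can write to it. The check ignores Deny entries and other groups a user may belong to, so treat an empty result as a first pass rather than proof.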

"DLL hijacking is a fairly old-fashioned technique that we don't come across often these days. When we do, the impact is usually quite limited due to the lack of security boundary crossing," Tenable explained in a blog post.

"In this case, however, we were able to cross a clear security boundary and demonstrate the ability to elevate a user to SYSTEM level permissions, showing the growing trend of even old-fashioned techniques finding a new home in the cloud due to additional complexities in these types of environments."

Once attackers gain elevated privileges on an endpoint, they can modify important operating system settings, allowing them to extract sensitive files, deploy malware and ransomware, or spy on users.

Via: BleepingComputer