CVE-2025-26627

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?

An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

How do I know if I'm affected by this vulnerability?

Only machines onboarded via Group Policy that have the GPO applied to them are affected.

The GPO name is '[MSFT] Azure Arc Servers Onboarding' followed by a datetimestamp e.g. '[MSFT] Azure Arc Servers Onboarding20250220113589'

What steps are needed to protect from this vulnerability?

1. Unassign and delete the previous Group Policy Object from the Group Policy Management Console (GPMC).
2. Download the new scripts from the Fixed agent proxy parameter release in the Github repository 1.0.10.
3. Run the DeployGPO script as before using the same parameters.
4. Assign the new Group Policy Object to your groups/domains/units.

For further information, please go to the Arc blade of Azure Portal and follow the instructions for GPO onboarding.

Only machines onboarded via Group Policy that have the GPO applied to them are affected

The GPO name is '[MSFT] Azure Arc Servers Onboarding' followed by a datetimestamp e.g. '[MSFT] Azure Arc Servers Onboarding20250220113589'

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system.