Описание
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
FAQ
What customer action needs to take place to mitigate the vulnerability?
Customers should install the latest version of the Windows Admin Center extension through the Azure Portal. There is no direct download link; instead, customers need to open the Extensions + Applications blade for their virtual machine in the Azure Portal and search for the extension named AdminCenter (Microsoft.AdminCenter.AdminCenter). From there, they can add or update the extension following the standard Azure VM extension installation process described here.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Windows Admin Center in Azure Portal |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.8 High
CVSS3
Связанные уязвимости
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
Уязвимость средства управления серверами Windows Admin Center, связанная с ошибками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3