The Computer Emergency Response Team of France (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in Microsoft Azure. These vulnerabilities could potentially lead to remote arbitrary code execution and privilege escalation.
The affected systems and products include:
- Azure DevOps Server 2019.0.1
- Azure DevOps Server 2019.1.2
- Azure DevOps Server 2020.0.2
- Azure DevOps Server 2020.1.2
- Azure DevOps Server 2022.0.1
- Azure HDInsights
- Azure Kubernetes Service
These vulnerabilities pose significant risks, as they could allow attackers to execute arbitrary code remotely and gain elevated privileges.
Solution: Users and organizations are strongly advised to refer to the security bulletin provided by Microsoft for obtaining the necessary patches and updates. Detailed information about each vulnerability and mitigation measures can be found in the documentation linked below.
Documentation:
- Microsoft Security Bulletin – September 12, 2023
- Microsoft Security Bulletin – CVE-2023-38156 – September 12, 2023
- Microsoft Security Bulletin – CVE-2023-33136 – September 12, 2023
- Microsoft Security Bulletin – CVE-2023-29332 – September 12, 2023
- Microsoft Security Bulletin – CVE-2023-38155 – September 12, 2023
Taking prompt action to apply these patches is crucial to ensure the security and stability of Microsoft Azure environments.