The French Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in Microsoft Azure. These vulnerabilities pose severe risks, including denial of service, remote code execution, and privilege escalation.
Affected Systems:
- Azure DevOps Server 2020.0.2
- Azure DevOps Server 2020.1.2
- Azure DevOps Server 2022.0.1
- Azure HDInsight
- Azure Identity SDK for .NET
- Azure Identity SDK for Java
- Azure Identity SDK for JavaScript
- Azure Identity SDK for Python
- Azure Network Watcher VM Extension
- Azure RTOS GUIX Studio
- Azure RTOS GUIX Studio Installer Application
Summary: The identified vulnerabilities in Microsoft Azure could allow attackers to exploit and execute actions such as denial of service, elevation of privileges, and remote code execution.
Recommended Action: Organizations using the affected systems are strongly advised to take immediate action to secure their systems. Please refer to CERT-FR’s detailed advisory for information on each vulnerability and recommended fixes.