Critical Vulnerabilities in Microsoft Azure Prompt Urgent Action

The French Computer Emergency Response Team (CERT-FR) has issued an advisory regarding multiple vulnerabilities discovered in Microsoft Azure. These vulnerabilities pose severe risks, including denial of service, remote code execution, and privilege escalation.

Affected Systems:

  • Azure DevOps Server 2020.0.2
  • Azure DevOps Server 2020.1.2
  • Azure DevOps Server 2022.0.1
  • Azure HDInsight
  • Azure Identity SDK for .NET
  • Azure Identity SDK for Java
  • Azure Identity SDK for JavaScript
  • Azure Identity SDK for Python
  • Azure Network Watcher VM Extension
  • Azure RTOS GUIX Studio
  • Azure RTOS GUIX Studio Installer Application

Summary: The identified vulnerabilities in Microsoft Azure could allow attackers to exploit and execute actions such as denial of service, elevation of privileges, and remote code execution.

Recommended Action: Organizations using the affected systems are strongly advised to take immediate action to secure their systems. Please refer to CERT-FR’s detailed advisory for information on each vulnerability and recommended fixes.