Microsoft fixes dozens of Azure Site Recovery privilege escalation bugs

Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.

The Azure Site Recovery service is a disaster recovery service that will automatically fail-over workloads to secondary locations when a problem is detected.

As part of the July 2022 Patch Tuesday, Microsoft fixed 84 flaws, with Azure Site Recovery vulnerability accounting for more than a third of the bugs fixed today.

Of the thirty-two vulnerabilities fixed in Azure Site Recovery, two allow remote code execution, and a whopping thirty vulnerabilities allow for elevation of privileges.

In an advisory released today, Microsoft states that SQL injection vulnerabilities caused most of the privilege escalation bugs.

To perform the attack, a threat actor can create a custom, malicious DLL using the same name as a regular DLL loaded by the Azure Site Recovery application.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us about your needs.
Get an answer the same business day.

Tell us about your needs.
Get an answer the same business day.

Fill out the form below and get an answer from our experts within 1 business day.
Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.
PCI-DSS

What happens next:

  • We reach out to learn about your objectives
  • We work together to define your project's scope
  • You get an all-inclusive, no engagement proposal

Scroll to Top

BOOK A MEETING

Enter Your
Corporate Email

Restez Informés!

Abonnez-vous pour rester au fait des dernières tendances, menaces, nouvelles et statistiques dans l’industrie.