Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-30177 CVSS:7.8

Microsoft Azure RTOS could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the GUIX Studio component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30178 CVSS:7.8

Microsoft Azure RTOS could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the GUIX Studio component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30179 CVSS:7.8

Microsoft Azure RTOS could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the GUIX Studio component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-30180 CVSS:7.8

Microsoft Azure RTOS GUIX Studio could allow a remote attacker to obtain sensitive information. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

Impact

• Information Disclosure
• Code Execution

Indicators Of Compromise

CVE

• CVE-2022-30177
• CVE-2022-30178
• CVE-2022-30179
• CVE-2022-30180

Affected Vendors

Microsoft

Affected Products

Microsoft Azure RTOS

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2022-30177 
CVE-2022-30178 
CVE-2022-30179 
CVE-2022-30180