Rewterz Threat Advisory –Multiple Microsoft Office Vulnerabilities
January 11, 2023Rewterz Threat Advisory – Multiple Microsoft SharePoint Server Vulnerabilities
January 11, 2023Rewterz Threat Advisory –Multiple Microsoft Office Vulnerabilities
January 11, 2023Rewterz Threat Advisory – Multiple Microsoft SharePoint Server Vulnerabilities
January 11, 2023Severity
Medium
Analysis Summary
CVE-2023-21531 CVSS:7
Microsoft Azure Service Fabric Container could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Container component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain control over the Service Fabric cluster.
CVE-2022-23551 CVSS:5.3
Microsoft Azure AAD Pod Identity could allow a local authenticated attacker to bypass security restrictions, caused by a flaw in the NMI validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to allow a pod in the cluster to access restricted identities.
Impact
- Privilege Escalation
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-21531
- CVE-2022-23551
Affected Vendors
Microsoft
Affected Products
- Microsoft Azure AAD Pod Identity 1.8.12
- Microsoft Azure Service Fabric 8.2
- Microsoft Azure Service Fabric 9.0
- Microsoft Azure Service Fabric 9.1
Remediation
Refer to Microsoft Security Advisory for patch, upgrade or suggested workaround information.