Five critical vulnerabilities found and patched in Microsoft Azure Defender for IoT

SentinelOne’s SentinelLabs Discovered Numerous Security Vulnerabilities Numerous security vulnerabilities were discovered in Microsoft’s Azure IoT Defender last year. Some of these vulnerabilities are rated "Critical" in severity and impact. Microsoft urges Azure Defender for IoT users The company has released patches for all bugs but must take immediate action.

Security researchers at SentinelLabs have discovered a device protected by Microsoft’s Azure Defender for IoT that could allow an attacker to remotely compromise a protected device. Exploits based on these vulnerabilities exploit certain weaknesses in the Azure password recovery mechanism.

SentinelLabs claims it proactively reported the security vulnerability to Microsoft in June 2021. These vulnerabilities are tracked and marked as critical, with some having a CVSS score of 10.0, which is the highest. Security researchers claim they have found no evidence of brutal abuse. In other words, despite the existence of security vulnerabilities CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313, and CVE-2021-42311, Microsoft has had security vulnerabilities in Azure Defender for IoT for more than eight months. No attacks based on these bugs have been documented.

Microsoft Defender for IoT is agentless network layer security for continuous IoT (Internet of Things) or OT (Operational Technology) asset discovery, vulnerability management, and threat detection. Microsoft ensures that the protection layer does not require changes to the existing environment. It is a flexible security platform, which means users can choose to deploy the same security platform on-premises or in an Azure-connected environment.

Microsoft acquired CyberX back in 2020. Azure Defender for IoT is a product primarily based on CyberX. It appears that at least one attack vector was discovered in the installation script and the tar archive containing the system's encrypted files. Both files exist in the home directory of the "CyberX" user. This script decrypts archive files.

The vulnerabilities discovered by SentinelLabs affect both cloud and on-premises customers. Although there is no evidence of exploitation "in the wild," a successful attack could result in the entire network being compromised. This is mainly because Azure Defender for IoT is configured to have a TAP (Terminal Access Point) on the network traffic. Needless to say, once an attacker has unrestricted access, they can perform any attack or steal sensitive information.

The above is the detailed content of Five critical vulnerabilities found and patched in Microsoft Azure Defender for IoT. For more information, please follow other related articles on the PHP Chinese website!