SentinelLabs – the threat intelligence and malware analysis division of SentinelOne – has discovered a number of critical severity flaws in Microsoft Azure’s Defender for IoT affecting cloud and on-premise customers.
Unauthenticated attackers can remotely compromise devices protected by Microsoft Azure Defender for IoT by abusing vulnerabilities in Azure’s Password Recovery mechanism.
SentinelLabs’ findings were proactively reported to Microsoft in June 2021 and the vulnerabilities are tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313 and CVE-2021-42311 marked as critical, some with CVSS score 10.0.
Microsoft has released security updates to address these critical vulnerabilities. Users are encouraged to take action immediately.
At this time, SentinelLabs has not discovered evidence of in-the-wild abuse.
To read the full report, click this link