According to the CVSS metric, the attack vector is Adjacent (AV:A), the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?

An authenticated attacker would need to have access to a proxy server created in the same or in an accessible network of the Appliance.

What actions do customers need to take to protect themselves from this vulnerability?

The vulnerability has been mitigated by the latest change to the Azure Migrate Appliance's AutoUpdater which ensures MSI installers downloaded from the Download Center have been authentically signed by Microsoft prior to installation. See here for information on how to ensure your Azure Migrate Appliance can get the latest Azure Migrate Agent and ConfigManager updates.
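
The kind of pre-installation check the mitigation describes can be reproduced by hand with PowerShell's `Get-AuthenticodeSignature`. This is an added example, not the AutoUpdater's own code: the function name, the file path and the organisation match are assumptions, since the advisory does not say how the AutoUpdater performs its verification.

```powershell
function Test-MicrosoftSignedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: publisher organisation to pin; not stated in the advisory.
        [string] $ExpectedOrganization = 'Microsoft Corporation'
    )
    $r = [ordered]@{ Path = $Path; Trusted = $false; Signer = $null; Reason = $null }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $r.Reason = 'File not found'
        return [pscustomobject]$r
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # 'Valid' = file hash matches the signature and the chain builds to a
    # trusted root. NotSigned, HashMismatch, NotTrusted etc. all fail here.
    if ($sig.Status -ne 'Valid') {
        $r.Reason = "Signature status: $($sig.Status)"
        return [pscustomobject]$r
    }

    $r.Signer = $sig.SignerCertificate.Subject
    # A valid signature from an arbitrary publisher is not sufficient, so
    # compare the O= component of the signer's distinguished name exactly.
    $rdns = $sig.SignerCertificate.SubjectName.Format($true) -split "\r?\n" |
        ForEach-Object { $_.Trim() }
    if ($rdns -notcontains "O=$ExpectedOrganization") {
        $r.Reason = 'Signer organisation does not match the expected publisher'
        return [pscustomobject]$r
    }

    $r.Trusted = $true
    $r.Reason = 'Valid signature from expected publisher'
    [pscustomobject]$r
}

# Constructed path for illustration; do not install unless the check passes.
$check = Test-MicrosoftSignedInstaller -Path 'C:\Temp\example-agent.msi'
if (-not $check.Trusted) {
    Write-Warning "Blocked $($check.Path): $($check.Reason)"
}
```

Matching on the organisation name alone is a coarse pin; a stricter check would also compare the signer or issuer certificate against values you have obtained from a trusted source.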
Oran Moyal