Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
How do I protect myself from this vulnerability?

For Azure Resource Manager (ARM) customers: Microsoft has deployed a mitigation for this vulnerability across Microsoft‑operated Azure environments. Customers using Azure services hosted by Microsoft are already protected. There is no customer action to take.

For Azure Local Disconnected Operations (ALDO) customers: To protect against this vulnerability, customers must update their Azure Local Disconnected Operations (ALDO) environment to the latest available release (version 2604 or later). Updates are not available as standalone patches and must be applied as a full system update through the Azure portal. ALDO is a restricted offering, and updates are only available to approved customers via allow-listing. Customers should follow Microsoft guidance to obtain access and apply the update, using the following documentation:

How to deploy Disconnected Operations for Azure Local
How to update Disconnected Operations for Azure Local

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker could gain elevated privileges beyond those normally available to them, allowing actions such as accessing restricted information or performing operations that are typically limited to more highly privileged users or administrators.

How could an attacker exploit this vulnerability?

The most realistic exploitation scenario involves a malicious or compromised insider with existing access to the customer’s environment. An attacker could exploit this vulnerability if they: Already have access to the i
Sridhar Periyasamy