Security News > 2020 > August > Microsoft Patches Code Execution, Privilege Escalation Flaws in Azure Sphere
Recently addressed Microsoft Azure Sphere vulnerabilities could lead to the execution of arbitrary code or to elevation of privileges, Cisco Talos' researchers warn.
The cloud-based system on a chip platform was designed for Internet of Things security, and is comprised of a hardware platform, Azure Sphere OS, and the Azure Sphere Security Service.
Talos' security researchers discovered a total of four vulnerabilities in Azure Sphere, two of which could lead to the execution of unsigned code, and two leading to privilege escalation.
According to Talos, both of the code execution flaws affect "The normal world's signed code execution functionality of Microsoft Azure Sphere."
As for the second elevation of privilege bug, it was discovered in the uid map functionality of Microsoft Azure Sphere 20.06 and can be abused through a specially crafted uid map file.