Security News > 2022 > March > Detailed: Critical hijacking bugs that took months to patch in Microsoft Azure Defender for IoT
SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks.
Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.
"Successful attack may lead to full network compromise, since Azure Defender For IoT is configured to have a TAP on the network traffic," according to a technical analysis by SentinelLabs' Kasif Dekel and independent researcher Ronen Shustin.
Two of the critical bugs in Defender for IoT, CVE-2021-42311 and CVE-2021-42313, were SQL injection vulnerabilities and both received a perfect 10 out of 10 score in terms of severity.
CVE-2021-42310, which is ranked as a high-severity vulnerability, targets the Defender for IoT device password recovery mechanism.
While none of these bugs were exploited beyond SentinelLab's proof-of-concept code, these vulnerabilities are "Particularly concerning when it comes to IoT and OT devices that have little to no defenses and depend entirely on these vulnerable platforms for their security posture," the analysis warned.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/30/sentinelone_microsoft_azure_iot/
Related news
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP (source)
- Microsoft Defender adds detection of unsecure Wi-Fi networks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft creates fake Azure tenants to pull phishers into honeypots (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-15 | CVE-2021-42313 | SQL Injection vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 |
2021-12-15 | CVE-2021-42311 | SQL Injection vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Remote Code Execution Vulnerability | 10.0 |
2021-12-15 | CVE-2021-42310 | Unspecified vulnerability in Microsoft Defender for IOT Microsoft Defender for IoT Remote Code Execution Vulnerability | 9.8 |