Security researchers have uncovered five critical vulnerabilities in Microsoft Azure Defender for IoT. The Redmond giant has already released new security patches to address these exploits, and it recommends all enterprise customers to install them as soon as possible.
According to a report from SentinelOne‘s SentinelLabs, these security vulnerabilities were first discovered by researchers Kasif Dekel and Ronen Shustin. The cyber security company explained that the flaws could potentially allow attackers to exploit certain weaknesses in Azure’s password reset mechanism to remotely gain unauthorized access to targeted machines.
SentinelLabs says that the security vulnerabilities, tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313, as well as CVE-2021-42311, affect both on-premises and cloud customers. Security researchers awarded the flaws a “high” severity score and privately reported it to Microsoft back in June 2021.
“Successful attack may lead to full network compromise, since Azure Defender For IoT is configured to have a TAP (Terminal Access Point) on the network traffic. Access to sensitive information on the network could open a number of sophisticated attacking scenarios that could be difficult or impossible to detect,” SentinelLabs explained in its security advisory.
Microsoft Defender for IoT (formerly known as Azure Defender for IoT) is a unified security solution that helps enterprise customers to secure their IoT/OT environments. It offers a wide range of capabilities such as IoT/OT asset discovery, automated threat detection as well as vulnerability management.
Fortunately, Microsoft has implemented its own fix to patch the aforementioned security issues, and the company advises customers “to take action immediately.” Moreover, SentinelLabs claims there is no evidence that these flaws have been exploited by threat actors.
“Security vulnerabilities are serious issues we all face and that is why we partner with the industry and follow the Coordinated Vulnerability Disclosure (CVD) process to protect customers before vulnerabilities are public. We addressed the specific issues mentioned and we appreciate the finder working with us to ensure customers remain safe,” a Microsoft spokesperson said in a statement to VentureBeat.
For a more detailed understanding of Azure Sphere, check out Securing IoT with Azure Sphere on Petri.
SentinelLabs added that the findings of this research study raise serious concerns regarding the security solutions as well as their impact on the security posture of sectors vulnerable to cyber attacks. As a security measure, it encourages customers to apply a “defense-in-depth approach” to block potential internal or external threats.