
close
close
Security researchers have uncovered five critical vulnerabilities in Microsoft Azure Defender for IoT. The Redmond giant has already released new security patches to address these exploits, and it recommends all enterprise customers to install them as soon as possible.
According to a report from SentinelOne‘s SentinelLabs, these security vulnerabilities were first discovered by researchers Kasif Dekel and Ronen Shustin. The cyber security company explained that the flaws could potentially allow attackers to exploit certain weaknesses in Azure’s password reset mechanism to remotely gain unauthorized access to targeted machines.
advertisment
SentinelLabs says that the security vulnerabilities, tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313, as well as CVE-2021-42311, affect both on-premises and cloud customers. Security researchers awarded the flaws a “high” severity score and privately reported it to Microsoft back in June 2021.
“Successful attack may lead to full network compromise, since Azure Defender For IoT is configured to have a TAP (Terminal Access Point) on the network traffic. Access to sensitive information on the network could open a number of sophisticated attacking scenarios that could be difficult or impossible to detect,” SentinelLabs explained in its security advisory.
Microsoft Defender for IoT (formerly known as Azure Defender for IoT) is a unified security solution that helps enterprise customers to secure their IoT/OT environments. It offers a wide range of capabilities such as IoT/OT asset discovery, automated threat detection as well as vulnerability management.
Fortunately, Microsoft has implemented its own fix to patch the aforementioned security issues, and the company advises customers “to take action immediately.” Moreover, SentinelLabs claims there is no evidence that these flaws have been exploited by threat actors.
advertisment
“Security vulnerabilities are serious issues we all face and that is why we partner with the industry and follow the Coordinated Vulnerability Disclosure (CVD) process to protect customers before vulnerabilities are public. We addressed the specific issues mentioned and we appreciate the finder working with us to ensure customers remain safe,” a Microsoft spokesperson said in a statement to VentureBeat.
SentinelLabs added that the findings of this research study raise serious concerns regarding the security solutions as well as their impact on the security posture of sectors vulnerable to cyber attacks. As a security measure, it encourages customers to apply a “defense-in-depth approach” to block potential internal or external threats.
More from Rabia Noureen
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Security
Microsoft's New Security Experts Service Protects Businesses Against Ransomware Attacks
May 9, 2022 | Rabia Noureen
Microsoft, Google, and Apple to Expand Passwordless Login Across All Major Platforms
May 5, 2022 | Rabia Noureen
TLStorm 2.0 Exploits Expose Millions of Aruba and Avaya Network Switches to RCE Attacks
May 3, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group