Several weaknesses in Microsoft Azure allow remote code execution

  • SentinelLabs uncovered a large number of security weaknesses in Microsoft Azure's Defender for IoT last year, and while Microsoft has published updates that remedy all of these bugs, Azure Defender for IoT users must take quick action.
  • You'll be relieved to learn that no evidence of in-the-wild exploits for any of the serious defects discussed here has been discovered.


Did you know that last year, SentinelLabs found a slew of security weaknesses in Microsoft Azure's Defender 

In fact, a few of these flaws were graded as Critical in terms of severity and security impact.

All of the issues have been patched by the Redmond-based software giant, but Azure Defender for IoT users must move quickly.


So far, no proof of in-the-wild exploits has been discovered.

The security experts at SentinelLabs uncovered the issues listed above, which could allow attackers to remotely compromise devices secured by Microsoft Azure Defender for IoT.

Exploits for these vulnerabilities abuse weaknesses in Azure's Password Recovery process.

SentinelLabs security researchers further say that the security flaws were proactively disclosed to Microsoft in June 2021.

The vulnerabilities are tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313, and CVE-2021-42311, which are all marked as Critical and have a CVSS score of 10.0.

If you're looking for a silver lining in the midst of all the commotion, the team hasn't yet identified proof of in-the-wild abuse.


Despite the fact that the security issues in Microsoft Azure Defender for IoT have been known for over eight months, no attacks based on the bugs have been reported.

It's also worth remembering that the vulnerabilities revealed by SentinelLabs affect both cloud and on-premises customers.

Even if no exploits have been discovered in the wild, a successful attack can compromise the entire network.

You might wonder why. The reason is that Azure Defender for IoT is set up with a TAP (Terminal Access Point) on the network traffic.

It goes without saying that if an attacker has unrestricted access, he or she can carry out any attack or steal sensitive data.
