- SentinelLabs has discovered a number of critical severity flaws in Microsoft Azure’s Defender for IoT affecting cloud and on-premise customers.
- Unauthenticated attackers can remotely compromise devices protected by Microsoft Azure Defender for IoT by abusing vulnerabilities in Azure’s Password Recovery mechanism.
- SentinelLabs’ findings were proactively reported to Microsoft in June 2021 and the vulnerabilities are tracked as CVE-2021-42310, CVE-2021-42312, CVE-2021-37222, CVE-2021-42313 and CVE-2021-42311 marked as critical, some with CVSS score 10.0.
- Microsoft has released security updates to address these critical vulnerabilities. Users are encouraged to take action immediately.
- At this time, SentinelLabs has not discovered evidence of in-the-wild abuse.
This post was created with our nice and easy submission form. Create your post!